Vulnerability Details CVE-2014-5275
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://archives.neohapsis.com/archives/bugtraq/2014-08/0026.html
- http://packetstormsecurity.com/files/127775/Pro-Chat-Rooms-8.2.0-XSS-Shell-Upload-SQL-Injection.html
- http://www.exploit-db.com/exploits/34275
- http://www.osvdb.org/109829
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95127
- http://archives.neohapsis.com/archives/bugtraq/2014-08/0026.html
- http://packetstormsecurity.com/files/127775/Pro-Chat-Rooms-8.2.0-XSS-Shell-Upload-SQL-Injection.html
- http://www.exploit-db.com/exploits/34275
- http://www.osvdb.org/109829
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95127
Products affected by CVE-2014-5275
-
cpe:2.3:a:prochatrooms:text_chat_rooms:8.2.0