CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37151

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.5%

CVSS Severity

CVSS v3 Score 8.2

References

http://ciprianmp.com/latest/
https://www.exploit-db.com/exploits/48066
https://www.vulncheck.com/advisories/phpmychat-plus-deluserphp-sql-injection

Products affected by CVE-2020-37151

Ciprianmp » Phpmychat-Plus » Version: 1.98

cpe:2.3:a:ciprianmp:phpmychat-plus:1.98

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37151

Products

Pricing

Contact Us