Pcpin: >> Pcpin Chat >> 5.0.2 Security Vulnerabilities
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
CVSS Score
7.5
EPSS Score
0.012
Published
2006-04-21
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
CVSS Score
5.5
EPSS Score
0.012
Published
2006-04-21