Ciprianmp: >> Phpmychat-Plus >> 1.98 Security Vulnerabilities
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.
CVSS Score
8.2
EPSS Score
0.0
Published
2026-02-05
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.
CVSS Score
9.3
EPSS Score
0.01
Published
2020-02-18
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
CVSS Score
6.1
EPSS Score
0.447
Published
2019-12-20