Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
13065.9%HIGH

Related CVEs

3
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2020-37151phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.HIGH8.830.1%Feb 5, 2026
CVE-2020-9265phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.HIGH8.270.2%Feb 18, 2020
CVE-2019-19908phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.MEDIUM6.197.3%Dec 20, 2019