Pcpin Pcpin Chat : Security vulnerabilities, CVEs

Copy

CVE-2008-2485

Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Max CVSS

4.3

EPSS Score

0.25%

Published

2008-05-28

Updated

2018-10-11

CVE-2006-1963

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.

Max CVSS

5.5

EPSS Score

0.52%

Published

2006-04-21

Updated

2018-10-18

CVE-2006-1962

SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.

Max CVSS

7.5

EPSS Score

0.79%

Published

2006-04-21

Updated

2018-10-18

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!