MidnightBSD

Advisories for pcpin

CVE-2006-1962 HIGH

SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
pcpin pcpin_chat 3.2.0
pcpin pcpin_chat 3.2.3
pcpin pcpin_chat 4.0
pcpin pcpin_chat 3.1.7r
pcpin pcpin_chat 3.1.5
pcpin pcpin_chat 5.0.3
pcpin pcpin_chat 5.0.4
pcpin pcpin_chat 3.1.6
pcpin pcpin_chat 5.0.1
pcpin pcpin_chat 5.0.2
pcpin pcpin_chat 3.2.1
CVE-2006-1963 MEDIUM

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
pcpin pcpin_chat 3.2.0
pcpin pcpin_chat 3.2.3
pcpin pcpin_chat 4.0
pcpin pcpin_chat 3.1.7r
pcpin pcpin_chat 3.1.5
pcpin pcpin_chat 5.0.3
pcpin pcpin_chat 5.0.4
pcpin pcpin_chat 3.1.6
pcpin pcpin_chat 5.0.1
pcpin pcpin_chat 5.0.2
pcpin pcpin_chat 3.2.1