Vulnerability Description
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pcpin | Pcpin Chat | 3.1.5 |
Related Weaknesses (CWE)
References
- http://retrogod.altervista.org/pcpin_504_xpl.htmlExploit
- http://secunia.com/advisories/19708Vendor Advisory
- http://securitytracker.com/id?1015968
- http://www.securityfocus.com/archive/1/431390/100/0/threaded
- http://www.securityfocus.com/archive/1/436029/100/0/threaded
- http://www.securityfocus.com/bid/17632Exploit
- http://www.vupen.com/english/advisories/2006/1441Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25961
- http://retrogod.altervista.org/pcpin_504_xpl.htmlExploit
- http://secunia.com/advisories/19708Vendor Advisory
- http://securitytracker.com/id?1015968
- http://www.securityfocus.com/archive/1/431390/100/0/threaded
- http://www.securityfocus.com/archive/1/436029/100/0/threaded
- http://www.securityfocus.com/bid/17632Exploit
- http://www.vupen.com/english/advisories/2006/1441Vendor Advisory
FAQ
What is CVE-2006-1962?
CVE-2006-1962 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
How severe is CVE-2006-1962?
CVE-2006-1962 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1962?
Check the references section above for vendor advisories and patch information. Affected products include: Pcpin Pcpin Chat.