๐Ÿ” CVE Alert

CVE-2020-37151

HIGH 8.2

phpMyChat Plus 1.98 'deluser.php' SQL Injection

CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.

CWE CWE-89
Vendor ciprianmp
Product phpmychat plus
Published Feb 5, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for ciprianmp phpmychat plus

Be the first to know when new high vulnerabilities affecting ciprianmp phpmychat plus are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Affected Versions

Ciprianmp / phpMyChat Plus
1.98

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
exploit-db.com: https://www.exploit-db.com/exploits/48066 ciprianmp.com: http://ciprianmp.com/latest/ vulncheck.com: https://www.vulncheck.com/advisories/phpmychat-plus-deluserphp-sql-injection

Credits

J3rryBl4nks