Aggregates CVE and security vulnerability intelligence across all phpfreechat-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling and vendor risk denial of service; exposure may include vendor impact file overwrite in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-5954 | phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands. | [email protected] | 7.5 | 9.10% | 2018-01-25 | 2024-11-21 |
| CVE-2011-3777 | phpFreeChat 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/zilveer/style.css.php and certain other files. | [email protected] | 5.0 | 1.24% | 2011-09-24 | 2026-04-29 |
| CVE-2008-3428 | Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | [email protected] | 6.5 | 1.16% | 2008-07-31 | 2026-04-23 |