彙總 echatserver 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 記憶體損壞與緩衝區溢位,在 生產負載與軟體部署 使用場景中可能帶來 記憶體損壞與應用程式崩潰 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2018-25221 | EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context. | [email protected] | 9.3 | 0.16% | 2026-03-28 | 2026-04-02 |
| CVE-2019-25613 | Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the application by sending oversized data in the message parameter. Attackers can establish a session via the chat.ghp endpoint and then send a POST request to body2.ghp with an excessively large message parameter value to cause the service to crash. | [email protected] | 8.7 | 0.39% | 2026-03-22 | 2026-04-02 |
| CVE-2022-44939 | Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | [email protected] | 7.8 | 0.08% | 2023-01-06 | 2025-04-09 |
| CVE-2019-20502 | An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter. | [email protected] | 7.5 | 0.49% | 2020-03-05 | 2024-11-21 |
| CVE-2017-9557 | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. | [email protected] | 7.5 | 0.30% | 2017-06-12 | 2026-05-13 |
| CVE-2017-9544 | There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code. | [email protected] | 9.8 | 79.59% | 2017-06-12 | 2026-05-13 |
| CVE-2017-9543 | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | [email protected] | 7.5 | 0.23% | 2017-06-12 | 2026-05-13 |