CVE-2014-5275 Information

Description

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password (2) email or (3) id parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-08/0026.html http://packetstormsecurity.com/files/127775/Pro-Chat-Rooms-8.2.0-XSS-Shell-Upload-SQL-Injection.html http://www.exploit-db.com/exploits/34275 http://www.osvdb.org/109829 https://exchange.xforce.ibmcloud.com/vulnerabilities/95127