CVE-2015-6512 - Quadrilingual Hydrometers

Description

SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.

Reference

https://www.exploit-db.com/exploits/37592/ http://packetstormsecurity.com/files/132673/FreiChat-9.6-SQL-Injection.html http://security.szurek.pl/freichat-96-sql-injection.html