Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chat_anywhere | Lionmax_software | * | 2.72 (including) |