Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chat_anywhere | Lionmax_software | * | 2.72 (including) |