User input passed through the "live_stream_code" POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized before being used to construct a SQL query. This can be exploited by malicious users to e.g. read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the "Live Chat" plugin to be enabled.
Proof of Concept: