Skip to main content

Simple Chatbox EUVD-2026-21853

| CVE-2026-6160 MEDIUM
Insertion of Sensitive Information into Externally-Accessible File (CWE-538)
2026-04-13 VulDB GHSA-r343-v546-p2ch
Information Disclosure Simple Chatbox
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
PoC Detected
Apr 24, 2026 - 17:57 vuln.today
Public exploit code
Analysis Generated
Apr 13, 2026 - 05:27 vuln.today
CVSS changed
Apr 13, 2026 - 05:22 NVD
5.3 (MEDIUM) 5.5 (MEDIUM)
EUVD ID Assigned
Apr 13, 2026 - 05:15 euvd
EUVD-2026-21853
Analysis Generated
Apr 13, 2026 - 05:15 vuln.today
CVE Published
Apr 13, 2026 - 04:30 nvd
MEDIUM 5.5

DescriptionCVE.org

A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

AnalysisAI

Remote file and directory information exposure in code-projects Simple ChatBox 1.0 allows unauthenticated attackers to disclose sensitive file paths and directory structures via manipulation of the SimpleChatbox_PHP endpoint. The vulnerability affects the chatbox.sql component and has publicly available exploit code; attackers can enumerate filesystem information without authentication or user interaction, creating risk for reconnaissance and secondary attack planning.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft HTTP request to SimpleChatbox_PHP endpoint
Delivery
Trigger directory/file enumeration
Exploit
Retrieve sensitive path information
Execution
Enumerate database backup files
Persist
Extract schema/credentials
Impact
Plan secondary exploitation
Sign in to reveal

Vulnerability AssessmentAI

Risk Assessment CVSS 5.5 with vector AV:N/AC:L/PR:N indicates network-accessible attack requiring no privileges or user interaction; however, the limited scope (VC:L only, no integrity/availability impact) constrains severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker sends a crafted request to the SimpleChatbox_PHP endpoint, triggering file/directory enumeration that reveals internal paths, backup file locations, and database schema information. The attacker uses the exposed paths (e.g., database credentials or internal file structure) to launch secondary attacks such as SQL injection or direct database access. …
Remediation Apply the latest security patch from code-projects (patch version not specified in available data; contact vendor at code-projects.org for availability). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-21853 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy