Public Chat Room
SQL injection in code-projects Public Chat Room 1.0 via the ID parameter in send_message.php allows authenticated remote attackers to execute arbitrary SQL queries. The CVSS 4.0 score is low (2.1): the vulnerability requires prior authentication (PR:L) and has only limited impact (VC:L/VI:L/VA:L). However, exploit code is publicly available and the attack vector is network-accessible with low complexity, making it suitable for low-friction post-compromise lateral movement or information disclosure within authenticated environments.
Reflected cross-site scripting in Public Chat Room 1.0 allows authenticated remote attackers to inject malicious scripts via the chat_msg or your_name parameters in /send_message.php; user interaction is required to trigger payload execution. The vulnerability has a low CVSS score (2.0) and a low EPSS exploitation probability (0.05th percentile), but exploit code is publicly available, which lowers the effort required of threat actors with valid credentials.
A vulnerability was found in code-projects Public Chat Room 1.0 and has been rated as critical. It affects some unknown functionality of the file /login.php: manipulation of the Username argument leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.