SQL Injection Vulnerability in Code-Projects Chat System 1.0
CVE-2024-13020

5.3MEDIUM

Key Information:

Vendor

Code-projects

Status
Chat System
Vendor
CVE Published:
29 December 2024

What is CVE-2024-13020?

A significant vulnerability exists in the Code-Projects Chat System 1.0, located within the /admin/chatroom.php file. This issue is due to an improper handling of the 'id' parameter, which enables attackers to execute SQL injection attacks. This vulnerability can be exploited remotely, making it particularly concerning, as it allows unauthorized access to the underlying database. Given that this exploit has been publicly disclosed, it poses a notable risk to any installations of the affected product. Organizations using this software should take immediate steps to remediate this vulnerability to protect against potential attacks.

Affected Version(s)

Chat System 1.0

References

https://vuldb.com/?id.289711
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289711
signaturepermissions-required
https://vuldb.com/?submit.470600
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)
.