SQL Injection Vulnerability in Code-Projects Chat System 1.0
CVE-2024-13020
5.3MEDIUM
What is CVE-2024-13020?
A significant vulnerability exists in the Code-Projects Chat System 1.0, located within the /admin/chatroom.php file. This issue is due to an improper handling of the 'id' parameter, which enables attackers to execute SQL injection attacks. This vulnerability can be exploited remotely, making it particularly concerning, as it allows unauthorized access to the underlying database. Given that this exploit has been publicly disclosed, it poses a notable risk to any installations of the affected product. Organizations using this software should take immediate steps to remediate this vulnerability to protect against potential attacks.
Affected Version(s)
Chat System 1.0