SQL Injection Vulnerability in Code-Projects Chat System
CVE-2024-13035

5.3MEDIUM

Key Information:

Vendor
Code-projects
Status
Chat System
Vendor
CVE Published:
30 December 2024

Summary

A vulnerability exists within the Code-Projects Chat System version 1.0, specifically in the code handling the update_user.php file. An improper validation of the 'id' parameter opens up the system to SQL injection attacks. This flaw allows attackers to manipulate the SQL queries executed by the application, which poses a significant risk to the integrity and confidentiality of user data. The attack can be conducted remotely, making it particularly concerning as it does not require physical access to the system. The potential exploitation of this vulnerability highlights the urgent need for users to apply security measures and updates to protect their systems.

Affected Version(s)

Chat System 1.0

References

https://vuldb.com/?id.289768
vdb-entrytechnical-description
https://vuldb.com/?ctiid.289768
signaturepermissions-required
https://vuldb.com/?submit.471112
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Havook (VulDB User)
.