SQL Injection Vulnerability in ITSourcecode Simple ChatBox
CVE-2025-25876

7.2HIGH

Key Information:

Vendor: ITSourcecode
Status: Simple ChatBox
Vendor: CVE Published:; 21 February 2025

Summary

A vulnerability exists in ITSourcecode Simple ChatBox that allows attackers to exploit an SQL injection flaw in the /delete.php file. This issue can enable unauthorized access to sensitive data, potentially compromising user information and system integrity. Web applications using vulnerable versions must be updated immediately to mitigate this risk.

References

https://github.com/SticKManII/cve-poc/blob/main/chat-box/...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2025
Vulnerability Reserved
Feb 7, 2025