Code-Projects Chat System SQL Injection Vulnerability
CVE-2025-7186

5.3MEDIUM

Key Information:

Vendor: Code-projects
Status: Chat System
Vendor: CVE Published:; 8 July 2025

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7186?

A SQL injection vulnerability exists in the code-projects Chat System 1.0 due to improper processing of the argument ID in the /user/fetch_chat.php file. This flaw allows remote attackers to manipulate input and execute arbitrary SQL commands, potentially compromising database integrity. The issue has been disclosed publicly, raising concerns for users of this system, who should implement immediate security measures to mitigate the risk of exploitation.

Affected Version(s)

Chat System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7186 - Proof of Concept