SQL Injection Vulnerability in code-projects Chat System by code-projects
CVE-2025-7189
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 8 July 2025
Badges
What is CVE-2025-7189?
A vulnerability has been identified in the code-projects Chat System version 1.0, specifically in the /user/send_message.php file. This issue allows attackers to manipulate the 'msg' argument, potentially leading to SQL injection. Such an exploit can be executed remotely, posing a significant risk to data integrity and security. The vulnerability has been disclosed publicly, making it crucial for users to apply necessary security measures to mitigate the risk.
Affected Version(s)
Chat System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved