A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/add_chatroom.php. The manipulation of the argument chatname/chatpass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://code-projects.org/ | Product |
https://github.com/Team-intN18-SoybeanSeclab/CVE/blob/main/sqlinject1.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.294359 | Permissions Required VDB Entry |
https://vuldb.com/?id.294359 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.492911 | Third Party Advisory VDB Entry |
Configurations
History
25 Feb 2025, 19:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fabianros chat System
Fabianros |
|
CPE | cpe:2.3:a:fabianros:chat_system:1.0:*:*:*:*:*:*:* | |
References | () https://code-projects.org/ - Product | |
References | () https://github.com/Team-intN18-SoybeanSeclab/CVE/blob/main/sqlinject1.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.294359 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.294359 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.492911 - Third Party Advisory, VDB Entry | |
Summary |
|
02 Feb 2025, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-02-02 16:15
Updated : 2025-02-25 19:05
NVD link : CVE-2025-0967
Mitre link : CVE-2025-0967
CVE.ORG link : CVE-2025-0967
JSON object : View
Products Affected
fabianros
- chat_system