Primary

Context

ITSourcecode Simple ChatBox SQL Injection Vulnerability in message.php

Vulnerability

A SQL injection vulnerability has been identified in ITSourcecode Simple ChatBox versions prior to 1.0. The issue resides in the file message.php, where improper handling of user input allows attackers to manipulate SQL queries and potentially access sensitive data.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log in as an admin user and send a message through the chatbox application. Include a crafted SQL payload in the 'rece' parameter that exploits the SQL injection vulnerability, such as one that causes a delay (e.g., using the 'sleep' function) to demonstrate the injection.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ITSourcecode Simple ChatBox SQL Injection Vulnerability in message.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating