ITSourcecode Simple ChatBox
cpe:2.3:a:getgist:chatbox:*:*:*:*:*:*:*
- <= 1.0
A SQL injection vulnerability has been identified in ITSourcecode Simple ChatBox versions through 1.0. The issue resides in delete.php, where improper handling of user input allows attackers to manipulate SQL queries. Exploitation could lead to unauthorized access to sensitive data.
Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could result in unauthorized data access, data manipulation, or, in some cases, execution of administrative operations within the application.
To reproduce this vulnerability, an admin user must be logged in. Send a GET request to chatbox/admin/delete.php with a crafted 'u' or 'a' parameter that includes SQL injection payloads. The injected SQL code will be executed by the application, demonstrating the vulnerability.
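A hardened form of the delete handling described above, as an added example that is not ITSourcecode's code: it validates the 'u' and 'a' values as integers and binds them with a prepared statement. The table names (users, admins), the id column, the function name deleteByParam and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Constructed stand-in database; the real schema is not on the page, so the
// table names (users, admins) and the id column are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (['users', 'admins'] as $t) {
    $db->exec("CREATE TABLE $t (id INTEGER PRIMARY KEY, name TEXT)");
    $db->exec("INSERT INTO $t (id, name) VALUES (1, 'one'), (2, 'two'), (3, 'three')");
}

// Vulnerable pattern, shown only as a comment: request input becomes SQL text.
//   $db->exec("DELETE FROM users WHERE id = " . $_GET['u']);

/**
 * Hardened delete for the 'u' and 'a' parameters (hypothetical helper).
 * Returns the number of rows deleted, or null when the input is rejected.
 */
function deleteByParam(PDO $db, string $param, $raw): ?int
{
    // Identifiers cannot be bound, so the table comes from a fixed allow-list.
    $tables = ['u' => 'users', 'a' => 'admins'];
    if (!isset($tables[$param])) {
        return null;
    }
    // Accept only a positive integer; arrays, null and mixed text all fail here.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as data and never concatenated into the statement.
    $stmt = $db->prepare("DELETE FROM {$tables[$param]} WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_GET['u'] / $_GET['a'].
$cases = [['u', '2'], ['a', '3'], ['u', '2 trailing text'], ['u', ['2']], ['x', '1']];
foreach ($cases as [$param, $raw]) {
    $result = deleteByParam($db, $param, $raw);
    printf("%s=%s -> %s\n", $param, json_encode($raw), $result === null ? 'rejected' : "deleted $result");
}
printf("users left: %d, admins left: %d\n",
    $db->query('SELECT COUNT(*) FROM users')->fetchColumn(),
    $db->query('SELECT COUNT(*) FROM admins')->fetchColumn());
```

Only the two well-formed integer inputs delete a row; every other input is rejected before any SQL is prepared.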