Shafhasan Chatbox SQL Injection Vulnerability in chat.php
Vulnerability
A SQL injection vulnerability has been identified in Shafhasan Chatbox versions up to 156a39cde62f78532c3265a70eda12c70907e56f. The issue resides in the chat.php file, where the user_id parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, potentially leading to unauthorized access to user data, database leaks, and exposure of admin panel credentials.
Impact
Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, leading to unauthorized access and manipulation of database information. This could include extracting sensitive user data, administrative credentials, or causing disruption by modifying or deleting database records.
Reproduction
The vulnerability can be reproduced by sending a request to chat.php with a crafted user_id parameter that includes SQL injection payloads. This can be done manually or using automated tools like sqlmap, which can exploit the vulnerability and extract database information.
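The flaw class described above and its fix, as an added example that is not code from the Chatbox project: a query built by concatenating user_id, beside a version that validates the value and binds it as a parameter. The messages table, its columns, the function names and the sample rows are hypothetical, and the script assumes PHP with the pdo_sqlite extension so that it runs against an in-memory database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and constructed rows; not the project's real tables.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)');
$pdo->exec("INSERT INTO messages (user_id, body) VALUES
            (1, 'hello from user 1'), (2, 'private note of user 2')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function messagesVulnerable(PDO $pdo, string $userId): array
{
    $sql = 'SELECT body FROM messages WHERE user_id = ' . $userId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: enforce the expected type, then bind the value so the
// database never parses it as SQL.
function messagesHardened(PDO $pdo, string $userId): array
{
    $id = filter_var($userId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT body FROM messages WHERE user_id = :uid');
    $stmt->bindValue(':uid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a well-formed id and one that rewrites the WHERE clause.
foreach (['1', '1 OR 1=1'] as $input) {
    $label = "'" . $input . "'";
    printf("%-12s vulnerable: %d row(s)\n", $label, count(messagesVulnerable($pdo, $input)));
    try {
        printf("%-12s hardened:   %d row(s)\n", $label, count(messagesHardened($pdo, $input)));
    } catch (InvalidArgumentException $e) {
        printf("%-12s hardened:   rejected (%s)\n", $label, $e->getMessage());
    }
}
```

The bound parameter is the actual fix; the integer check adds an early, loggable rejection point for malformed user_id values.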
