CVE-2024-13039: code-projects Simple Chat System add_user.php sql injection

5.3 CVSS

Description

A vulnerability was found in code-projects Simple Chat System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /add_user.php. The manipulation of the argument name/email/password/number leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in code-projects Simple Chat System 1.0 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /add_user.php. Durch Beeinflussen des Arguments name/email/password/number mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2024-13039

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: code-projects

Product: Simple Chat System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.83% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://vuldb.com/?id.289772
https://vuldb.com/?ctiid.289772
https://vuldb.com/?submit.471644
https://github.com/Curious-L/-/issues/1
https://code-projects.org/

Timeline

2024-12-31 00:30:19 UTC
CVE

code-projects Simple Chat System add_user.php sql injection