| Title | code-projects Chat System Using PHP 1.0 SQL Injection (Error-Based / Blind) + Missing Authentication |
|---|---|
| Description | A SQL Injection vulnerability combined with missing authentication was discovered in the update chatroom functionality of Chat System Using PHP version 1.0, available at code-projects.org. The file update_room.php includes only ../conn.php (database connection) — there is no call to session_start(), no inclusion of session.php, and no access control check of any kind. The endpoint is fully accessible by unauthenticated anonymous users. |
| Source | ⚠️ https://gist.github.com/higordiego/0e17779b3168e61a704db12e032ae8c3 |
| User | c4ttr4ck (UID 75518) |
| Submission | 08/04/2026 11:17 PM (2 months ago) |
| Moderation | 26/04/2026 10:23 AM (17 days later) |
| Status | Duplicate |
| VulDB entry | 289769 [code-projects Chat System 1.0 /admin/update_room.php id/name/password SQL injection] |
| Points | 0 |