| Title | code-projects Chat System Using PHP 1.0 SQL Injection (Error-Based / UNION-Based) + Missing Authenticati |
|---|
| Description | A SQL Injection vulnerability combined with a complete absence of authentication was discovered in the delete chatroom functionality of Chat System Using PHP version 1.0, available at code-projects.org.
The file deleteroom.php does not include session.php nor calls session_start() at any point — its only include is ../conn.php, which solely establishes the MySQL connection. This means the endpoint is entirely unauthenticated and publicly reachable. |
|---|
| Source | ⚠️ https://gist.github.com/higordiego/249c47b630ac0a586a4edd840c3fd0c3 |
|---|
| User | c4ttr4ck (UID 75518) |
|---|
| Submission | 04/08/2026 22:50 (3 months ago) |
|---|
| Moderation | 04/26/2026 10:23 (17 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 289939 [code-projects Chat System 1.0 /admin/deleteroom.php ID sql injection] |
|---|
| Points | 0 |
|---|