Submit #800374: code-projects Chat System Using PHP 1.0 SQL Injection (Error-Based / UNION-Based) + Missing Authenticatiinfo

Titlecode-projects Chat System Using PHP 1.0 SQL Injection (Error-Based / UNION-Based) + Missing Authenticati
DescriptionA SQL Injection vulnerability combined with a complete absence of authentication was discovered in the delete chatroom functionality of Chat System Using PHP version 1.0, available at code-projects.org. The file deleteroom.php does not include session.php nor calls session_start() at any point — its only include is ../conn.php, which solely establishes the MySQL connection. This means the endpoint is entirely unauthenticated and publicly reachable.
Source⚠️ https://gist.github.com/higordiego/249c47b630ac0a586a4edd840c3fd0c3
User
 c4ttr4ck (UID 75518)
Submission04/08/2026 22:50 (3 months ago)
Moderation04/26/2026 10:23 (17 days later)
StatusDuplicate
VulDB entry289939 [code-projects Chat System 1.0 /admin/deleteroom.php ID sql injection]
Points0

Might our Artificial Intelligence support you?

Check our Alexa App!