Submit #800382: code-projects Chat System Using PHP 1.0 SQL Injection (Error-Based / Blind) + Missing Authenticationinfo

Titlecode-projects Chat System Using PHP 1.0 SQL Injection (Error-Based / Blind) + Missing Authentication
DescriptionA SQL Injection vulnerability combined with missing authentication was discovered in the update chatroom functionality of Chat System Using PHP version 1.0, available at code-projects.org. The file update_room.php includes only ../conn.php (database connection) — there is no call to session_start(), no inclusion of session.php, and no access control check of any kind. The endpoint is fully accessible by unauthenticated anonymous users.
Source⚠️ https://gist.github.com/higordiego/0e17779b3168e61a704db12e032ae8c3
User
 c4ttr4ck (UID 75518)
Submission04/08/2026 23:17 (3 months ago)
Moderation04/26/2026 10:23 (17 days later)
StatusDuplicate
VulDB entry289769 [code-projects Chat System 1.0 /admin/update_room.php id/name/password sql injection]
Points0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!