CVE-2026-6161
HIGHcode-projects Simple ChatBox Endpoint insert.php sql injection
Title source: cnaDescription
A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
Submit #796697 | code-projects Simple ChatBox In PHP 1.0 SQL Injection
https://vuldb.com/submit/796697
Exploit exploit
https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20in%20Simple%20Chatbox%20PHP%20msg%20Parameter.md
Product product
https://code-projects.org/
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-357041 | code-projects Simple ChatBox Endpoint insert.php sql injection
https://vuldb.com/vuln/357041
Signature, Permissions Required signature
permissions-required
VDB-357041 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/357041/cti
Scores
CVSS v3
7.3
EPSS
0.0025
EPSS Percentile
16.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
code-projects/Simple ChatBox
1.0
Published
Apr 13, 2026
Tracked Since
Apr 13, 2026