CVE-2026-7103

LOW

code-projects Chat System MD5 Hash update_user.php weak hash

Title source: cna

Description

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/359678

[Signature, Permissions Required] https://vuldb.com/vuln/359678/cti

[Third Party Advisory] https://vuldb.com/submit/800384

[Related] https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2

[Product] https://code-projects.org/

Scores

CVSS v3 3.7

EPSS 0.0002

EPSS Percentile 5.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-327 CWE-328

Status published

Products (1)

code-projects/Chat System 1.0

Published Apr 27, 2026

Tracked Since Apr 27, 2026