CVE-2026-7103
LOWcode-projects Chat System MD5 Hash update_user.php weak hash
Title source: cnaDescription
A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-359678 | code-projects Chat System MD5 Hash update_user.php weak hash
https://vuldb.com/vuln/359678
Signature, Permissions Required signature
permissions-required
VDB-359678 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/359678/cti
Third Party Advisory third-party-advisory
Submit #800384 | code-projects Chat System Using PHP 1.0 nsecure Direct Object Reference (IDOR) + SQL Injection + Weak Pa
https://vuldb.com/submit/800384
Product product
https://code-projects.org/
Scores
CVSS v3
3.7
EPSS
0.0019
EPSS Percentile
8.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-327
CWE-328
Status
published
Products (1)
code-projects/Chat System
1.0
Published
Apr 27, 2026
Tracked Since
Apr 27, 2026