CVE-2023-3004

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Chat System version 1.0

Description A critical issue has been found in the file /ajax.php?action=read msg of the component POST Parameter Handler. The manipulation of the convo id argument leads to sql injection. The attack may be launched remotely.

Recommendations For version 1.0, consider disabling the /ajax.php?action=read msg endpoint until a patch is available to prevent sql injection attacks via the convo id argument. At the moment, there is no information about a newer version that contains a fix for this vulnerability.