CVE-2024-4972

Name of the Vulnerable Software and Affected Versions code-projects Simple Chat System version 1.0

Description A critical issue has been found in the Simple Chat System, affecting an unknown part of the file /login.php. The manipulation of the email/password argument leads to SQL injection. It is possible to initiate the attack remotely.

Recommendations For version 1.0, patch immediately and validate input to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the /login.php endpoint until a patch is available.