CVE-2026-6161

HIGH CVSS 7.3 View on NVD ↗

Description

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

https://code-projects.org/
https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20in%20Simple%20Chatbox%20PHP%20msg%20Parameter.md
https://vuldb.com/submit/796697
https://vuldb.com/vuln/357041
https://vuldb.com/vuln/357041/cti

Published: Apr 13, 2026 05:16 UTC Modified: Apr 13, 2026 15:01 UTC