Vulnerability
SQL Injection in chatWindow functionality in ChatEngine 1.0
Description
The application does not sanitize or escape the username parameter, making it vulnerable to SQL injection. An attacker can place a payload in the username field to exploit the vulnerability.
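The flaw class described above, shown next to its fix as an added example; this is not ChatEngine's code and not part of the original advisory. The table, columns, function names and sample rows are hypothetical, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE messages (username TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO messages VALUES (?, ?)",
        [("alice", "hi bob"), ("bob", "hi alice"), ("carol", "private note")],
    )
    return db

def messages_vulnerable(db, username):
    # Flawed pattern: the username is concatenated into the SQL text, so a
    # quote character in it changes the structure of the statement.
    sql = "SELECT body FROM messages WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]

def messages_safe(db, username):
    # Hardened pattern: the statement text is fixed and the username is
    # passed as a bound parameter, so it is only ever compared as data.
    sql = "SELECT body FROM messages WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

def vulnerable_breaks_on_apostrophe(db):
    # A legitimate name containing an apostrophe already breaks the
    # concatenated query, which is a cheap signal when auditing code.
    try:
        messages_vulnerable(db, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

def regression_check():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed regression-test input
    return {
        "vulnerable_rows": len(messages_vulnerable(db, crafted)),
        "safe_rows": len(messages_safe(db, crafted)),
        "safe_normal": messages_safe(db, "alice"),
        "apostrophe_error": vulnerable_breaks_on_apostrophe(db),
    }

if __name__ == "__main__":
    print(regression_check())
```

The row counts returned by the two functions for the same crafted input make a usable regression test once a fix is applied.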
CVE-ID
CVE-2023-30323
Vendor
wliang6
Product
ChatEngine 1.0
Disclosure Timeline
Reported On: 01-04-2023
Made Public On: 06-07-2023
Fixed On: Not Fixed
Credits
Akshat Singhal