Vulnerability
SQL Injection vulnerability in textMessage field in ChatEngine 1.0
Description
The application does not sanitize or escape the txtmessage parameter, making it vulnerable to SQL injection. An attacker can put a payload in the username field to exploit the SQL injection vulnerability.
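Added example, not ChatEngine's code: the advisory does not show the vulnerable query, so the `messages` table, the function names and the use of Python with SQLite are assumptions. It contrasts a statement built by string concatenation with one that binds both `username` and `txtmessage` as parameters, using a constructed message that contains an ordinary apostrophe.

```python
import sqlite3


def open_db():
    # Hypothetical schema; the advisory does not describe ChatEngine's tables.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, username TEXT, body TEXT)"
    )
    return db


def save_message_concat(db, username, txtmessage):
    # Pattern the advisory describes: request values spliced into the SQL text,
    # so any quote character in them becomes part of the statement's syntax.
    sql = "INSERT INTO messages (username, body) VALUES ('%s', '%s')" % (
        username,
        txtmessage,
    )
    db.execute(sql)


def save_message_bound(db, username, txtmessage):
    # Mitigation: placeholders send the values separately from the SQL text,
    # so they are always treated as data, whatever characters they contain.
    db.execute(
        "INSERT INTO messages (username, body) VALUES (?, ?)",
        (username, txtmessage),
    )


def stored_bodies(db):
    return [row[0] for row in db.execute("SELECT body FROM messages ORDER BY id")]


def concat_breaks_on_quote(db, username, txtmessage):
    # Regression check: True means the value changed how the statement parsed.
    try:
        save_message_concat(db, username, txtmessage)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    sample = "it's fine"  # constructed input
    print("concatenated query broke:", concat_breaks_on_quote(db, "alice", sample))
    save_message_bound(db, "alice", sample)
    print("stored via bound parameters:", stored_bodies(db))
```

A check like `concat_breaks_on_quote` can be kept as a regression test against every handler that writes user-supplied fields to the database.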
CVE-ID
CVE-2023-30325
Vendor
wliang6
Product
ChatEngine 1.0
Disclosure Timeline
Reported On: 01-04-2023
Made Public On: 06-07-2023
Fixed On: Not Fixed
Credits
Akshat Singhal