Home

Description

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized.

PUBLISHED Reserved 2026-04-26 | Published 2026-04-27 | Updated 2026-04-27 | Assigner VulDB




MEDIUM: 6.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
LOW: 3.7CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
2.6AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Problem types

Use of Weak Hash

Risky Cryptographic Algorithm

Product status

1.0
affected

Timeline

2026-04-26:Advisory disclosed
2026-04-26:VulDB entry created
2026-04-26:VulDB entry last update

Credits

c4ttr4ck (VulDB User) reporter

References

gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2 exploit

vuldb.com/vuln/359678 (VDB-359678 | code-projects Chat System MD5 Hash update_user.php weak hash) vdb-entry technical-description

vuldb.com/vuln/359678/cti (VDB-359678 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/800384 (Submit #800384 | code-projects Chat System Using PHP 1.0 nsecure Direct Object Reference (IDOR) + SQL Injection + Weak Pa) third-party-advisory

gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2 related

code-projects.org/ product

cve.org (CVE-2026-7103)

nvd.nist.gov (CVE-2026-7103)

Download JSON