Description
A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Published: 2026-04-13
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

An attacker can manipulate the SimpleChatbox_PHP function in the chatbox.sql Endpoint file to reveal file and directory information. This disclosure can expose sensitive configuration details or database backups, leading to potential credential theft or further attacks. The weakness is a form of information disclosure, matching CWE-200 and CWE-538.

Affected Systems

code-projects Simple ChatBox version 1.0 is affected. The vulnerability lies in the Endpoint component, specifically the chatbox.sql file and its SimpleChatbox_PHP function. Users running this version should be aware that these files are the attack surface.

Risk and Exploitability

With a CVSS score of 6.9, the vulnerability is rated as Medium severity. The exploit is available publicly and can be performed remotely, but EPSS is not listed, and the vulnerability is not in the KEV catalog. Given the public availability of the exploit and the lack of an immediate fix, the risk is moderate to high for installations that expose the Endpoint to untrusted networks.

Generated by OpenCVE AI on April 13, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify if a newer version of Simple ChatBox is available and upgrade immediately.
  • If no patch exists, restrict access to the Endpoint or chatbox.sql to trusted IP addresses or users, for example by firewall or .htaccess rules.
  • Keep monitoring vendor announcements, security advisories, and apply any later patches as soon as they become available.

Generated by OpenCVE AI on April 13, 2026 at 06:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects simple Chatbox
Vendors & Products Code-projects
Code-projects simple Chatbox

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Title code-projects Simple ChatBox Endpoint chatbox.sql SimpleChatbox_PHP file information disclosure
Weaknesses CWE-200
CWE-538
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Simple Chatbox
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T04:30:22.947Z

Reserved: 2026-04-12T18:11:00.526Z

Link: CVE-2026-6160

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-13T05:16:05.420

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-6160

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:11Z

Weaknesses