CVE-2025-7189

6.3 MEDIUM

📋 TL;DR

A critical SQL injection vulnerability exists in code-projects Chat System 1.0, in the msg parameter of /user/send_message.php. Attackers can remotely execute arbitrary SQL commands to potentially access, modify, or delete database contents. All deployments of Chat System 1.0 with the vulnerable file accessible are affected.

💻 Affected Systems

Products:
  • code-projects Chat System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation. Requires /user/send_message.php to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data destruction, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case

Unauthorized data access, message manipulation, user information theft, and potential privilege escalation within the chat system.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, potentially only error messages or minimal data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub. SQL injection via msg parameter is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://code-projects.org/

Restart Required: No

Instructions:

1. Check vendor website for updates.
2. If no patch available, implement workarounds.
3. Consider replacing with supported software.

🔧 Temporary Workarounds

Input Validation Filter

all

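Add parameterized queries and input validation to /user/send_message.php.

Modify the PHP code to use prepared statements, so that msg is sent to the database as bound data rather than concatenated into the SQL text:

    // Table and column names as given in this advisory's example
    $stmt = $conn->prepare('INSERT INTO messages (msg) VALUES (?)');
    $stmt->bind_param('s', $msg);
    $stmt->execute();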

Web Application Firewall

all

Deploy WAF with SQL injection rules to block malicious requests

🧯 If You Can't Patch

  • Block external access to /user/send_message.php via firewall rules
  • Run the application with a database user that has minimal permissions (read-only if possible)

🔍 How to Verify

Check if Vulnerable:

Test /user/send_message.php with SQL injection payloads like: msg=test' OR '1'='1

Check Version:

Check software documentation or about page for version information

Verify Fix Applied:

Test with the same payloads; the request should return an error or cause no database interaction

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed message submissions with SQL syntax
  • Requests to /user/send_message.php with SQL keywords

Network Indicators:

  • POST requests to /user/send_message.php containing SQL injection patterns
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri_path="/user/send_message.php" AND (msg="*' OR*" OR msg="*UNION*" OR msg="*SELECT*" OR msg="*INSERT*")
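
The SIEM query above, expressed as a small triage script (an added example, not part of the original advisory or the vendor's code). It assumes the POST body is captured in JSON-lines events with the hypothetical field names src, method, uri_path and body; the sample events are constructed. It URL-decodes msg before matching and separates a bare keyword in ordinary chat text ("review") from a keyword or OR that follows a quote ("alert").

```python
import json
import re
from urllib.parse import parse_qs

TARGET_PATH = "/user/send_message.php"

# Patterns mirror the terms in the SIEM query. A bare keyword is a weak signal
# in a chat application, so it only alerts when the message also has a quote.
QUOTE_OR = re.compile(r"'\s*OR\b", re.I)
KEYWORD = re.compile(r"\b(UNION|SELECT|INSERT)\b", re.I)

# Constructed sample events (assumed JSON-lines format with the body captured).
SAMPLE_LOG = """\
{"src": "198.51.100.7", "method": "POST", "uri_path": "/user/send_message.php", "body": "msg=hello+there"}
{"src": "203.0.113.10", "method": "POST", "uri_path": "/user/send_message.php", "body": "msg=test%27+OR+%271%27%3D%271"}
{"src": "198.51.100.7", "method": "POST", "uri_path": "/user/send_message.php", "body": "msg=please+select+a+time+for+the+call"}
{"src": "203.0.113.10", "method": "POST", "uri_path": "/user/send_message.php", "body": "msg=x%27+uNiOn+sElEcT+1"}
{"src": "203.0.113.10", "method": "POST", "uri_path": "/other.php", "body": "msg=test%27+OR+%271%27%3D%271"}
"""

def classify(msg):
    """Return 'alert', 'review' or None for one decoded msg value."""
    if QUOTE_OR.search(msg):
        return "alert"
    if KEYWORD.search(msg):
        return "alert" if "'" in msg else "review"
    return None

def scan(log_text):
    """Return (src, verdict, decoded msg) for suspicious POSTs to TARGET_PATH."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("method") != "POST" or event.get("uri_path") != TARGET_PATH:
            continue
        # parse_qs URL-decodes values, so %27 and + are normalised before matching
        for msg in parse_qs(event.get("body", ""), keep_blank_values=True).get("msg", []):
            verdict = classify(msg)
            if verdict:
                findings.append((event["src"], verdict, msg))
    return findings

if __name__ == "__main__":
    for src, verdict, msg in scan(SAMPLE_LOG):
        print(f"{verdict:6} {src:15} {msg!r}")
```

A "review" hit is a triage lead, not proof of an attempt; correlate it with SQL errors in the application log from the same source before escalating.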
