{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-7103","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-04-26T09:04:38.568Z","datePublished":"2026-04-27T08:30:10.652Z","dateUpdated":"2026-04-27T12:27:23.279Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-04-27T08:30:10.652Z"},"title":"code-projects Chat System MD5 Hash update_user.php weak hash","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-328","lang":"en","description":"Use of Weak Hash"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-327","lang":"en","description":"Risky Cryptographic Algorithm"}]}],"affected":[{"vendor":"code-projects","product":"Chat System","versions":[{"version":"1.0","status":"affected"}],"cpes":["cpe:2.3:a:code-projects:chat_system:*:*:*:*:*:*:*:*"],"modules":["MD5 Hash Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.7,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.7,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-04-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-04-26T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-04-26T11:09:44.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"c4ttr4ck (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/vuln/359678","name":"VDB-359678 | code-projects Chat System MD5 Hash update_user.php weak hash","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/vuln/359678/cti","name":"VDB-359678 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/submit/800384","name":"Submit #800384 | code-projects Chat System Using PHP 1.0 nsecure Direct Object Reference (IDOR) + SQL Injection + Weak Pa","tags":["third-party-advisory"]},{"url":"https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2","tags":["related"]},{"url":"https://code-projects.org/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"references":[{"url":"https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-27T12:27:19.588102Z","id":"CVE-2026-7103","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-27T12:27:23.279Z"}}]}}