{"api_version":"1","generated_at":"2026-04-27T16:04:59+00:00","cve":"CVE-2026-7103","urls":{"html":"https://cve.report/CVE-2026-7103","api":"https://cve.report/api/cve/CVE-2026-7103.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-7103","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-7103"},"summary":{"title":"code-projects Chat System MD5 Hash update_user.php weak hash","description":"A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized.","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-04-27 09:16:03","updated_at":"2026-04-27 13:16:03"},"problem_types":["CWE-327","CWE-328","CWE-328 Use of Weak Hash","CWE-327 Risky Cryptographic Algorithm"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","data":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"3.7","severity":"LOW","vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","data":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"2.6","severity":"","vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"2.6","severity":"","vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR","data":{"baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2","name":"https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/359678","name":"https://vuldb.com/vuln/359678","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/800384","name":"https://vuldb.com/submit/800384","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/359678/cti","name":"https://vuldb.com/vuln/359678/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://code-projects.org/","name":"https://code-projects.org/","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-7103","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7103","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"code-projects","product":"Chat System","version":"affected 1.0","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-04-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-04-26T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-04-26T11:09:44.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"c4ttr4ck (VulDB User)","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-7103","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-27T12:27:19.588102Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-27T12:27:23.279Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:code-projects:chat_system:*:*:*:*:*:*:*:*"],"modules":["MD5 Hash Handler"],"product":"Chat System","vendor":"code-projects","versions":[{"status":"affected","version":"1.0"}]}],"credits":[{"lang":"en","type":"reporter","value":"c4ttr4ck (VulDB User)"}],"descriptions":[{"lang":"en","value":"A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized."}],"metrics":[{"cvssV4_0":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-328","description":"Use of Weak Hash","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-327","description":"Risky Cryptographic Algorithm","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-27T08:30:10.652Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-359678 | code-projects Chat System MD5 Hash update_user.php weak hash","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/359678"},{"name":"VDB-359678 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/359678/cti"},{"name":"Submit #800384 | code-projects Chat System Using PHP 1.0 nsecure Direct Object Reference (IDOR) + SQL Injection + Weak Pa","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/800384"},{"tags":["related"],"url":"https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2"},{"tags":["product"],"url":"https://code-projects.org/"}],"tags":["x_freeware"],"timeline":[{"lang":"en","time":"2026-04-26T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-04-26T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-04-26T11:09:44.000Z","value":"VulDB entry last update"}],"title":"code-projects Chat System MD5 Hash update_user.php weak hash"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-7103","datePublished":"2026-04-27T08:30:10.652Z","dateReserved":"2026-04-26T09:04:38.568Z","dateUpdated":"2026-04-27T12:27:23.279Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-27 09:16:03","lastModifiedDate":"2026-04-27 13:16:03","problem_types":["CWE-327","CWE-328","CWE-328 Use of Weak Hash","CWE-327 Risky Cryptographic Algorithm"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"7103","Ordinal":"1","Title":"code-projects Chat System MD5 Hash update_user.php weak hash","CVE":"CVE-2026-7103","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"7103","Ordinal":"1","NoteData":"A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized.","Type":"Description","Title":"code-projects Chat System MD5 Hash update_user.php weak hash"}]}}}