CVE-2026-7103

low-risk

Published 2026-04-27

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

References (6)

https://code-projects.org/

https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2

https://vuldb.com/submit/800384

https://vuldb.com/vuln/359678

https://vuldb.com/vuln/359678/cti

https://gist.github.com/higordiego/84ae7f08f5c23debebf309de3920bda2

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal