55 matches found
Malicious code in 0x2ai-demo3 (npm)
Source: amazon-inspector a36d5f023e4740169d1e1e7a56ebe32552cfdc4a05bf50ecc0b648ecea502c0d On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD, the directory the developer ran the install from usi...
MAL-2026-5588 Malicious code in 0x2ai-demo10x (npm)
Source: amazon-inspector 2c4c4b3e66489f3a4383df5e62540498343c5ab3a5ce145df5733b2820efc71b On npm install, scripts/postinstall.cjs runs fs.cpSync(payload, process.env.INITCWD, { recursive: true }), copying .mcp.json,...
Malicious code in 0x2ai-demo10x (npm)
Source: amazon-inspector 2c4c4b3e66489f3a4383df5e62540498343c5ab3a5ce145df5733b2820efc71b On npm install, scripts/postinstall.cjs runs fs.cpSync(payload, process.env.INITCWD, { recursive: true }), copying .mcp.json,...
MAL-2026-5593 Malicious code in 0x2ai-demo6x (npm)
Source: amazon-inspector cf57dfddd0bfd0def03360ae66ea88dd6d4e875cbcb42880a4277eb2d1df269a On npm install, scripts/postinstall.cjs recursively copies the package's payload/ directory into process.env.INITCWD, the installer's project root,...
Malicious code in 0x2ai-demo1 (npm)
Source: amazon-inspector fdc7c661d4867578d3dd920010bccc1e79fcae8753b5bf549f44ea8a45cde502 On npm install, scripts/postinstall.cjs runs fs.cpSync(payload, cwd, { recursive: true }) with cwd = process.env.INITCWD || process.cwd() — recursively writing...
admin Security Vulnerability
admin is a chatroom software developed by z-9527 as an individual developer. Both the 1.0 and 2.0 versions of admin have security vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter "isAdmin" in the file /server/routes/user.js, which may lead to the dynamic...
admin Path Traversal Vulnerability
Admin is a chatroom software developed by Z-9527. There is a path traversal vulnerability in Admin, which stems from incorrect handling of the fileType parameter, potentially leading to path traversal...
admin SQL Injection Vulnerability
Admin is a chatroom software developed by Z-9527 as an individual developer. Versions 1.0 and 2.0 of Admin have SQL injection vulnerabilities. These vulnerabilities stem from incorrect operations on the functions checkName/register/login/getUser/getUsers in the file /server/controller/user.js, whi...
CVE-2022-31788
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0= pathname...
EUVD-2006-6512
Malware in sbrugna...
EUVD-2006-6511
Malware in sbrugna...
EUVD-2022-0182
Malicious code in bioql PyPI...
CVE-2006-6529
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview...
Chat System add_chatroom.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the chatname/chatpass parameters of the /user/addchatroom.php file. An attacker can exploit this vulnerability to execute illega...
CVE-2025-0967
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/addchatroom.php. The manipulation of the argument chatname/chatpass leads to sql injection. The attack may be initiated remotely. The exploit has bee...
PT-2025-4115 · Unknown · Code-Projects Chat System
Name of the Vulnerable Software and Affected Versions: code-projects Chat System version 1.0 Description: A critical issue affects some unknown processing of the file /user/add_chatroom.php. The manipulation of the argument chatname/chatpass leads to SQL injection. The attack may be initiated...
Code-Projects Chat System Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the chatname/chatpass parameters of the /user/addchatroom.php file. An attacker can exploit this vulnerability to execute illega...
CVE-2024-13033
A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The...
Simple Chat System Code Injection Vulnerability
Chat System is a chat system. The Chat System suffers from a cross-site scripting vulnerability that stems from a lack of adequate validation and filtering of id parameter input in the file /admin/chatroom.php. The vulnerability can be exploited to inject arbitrary web script into a page by...
Chat System chatroom.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from an SQL injection vulnerability that stems from the file /admin/chatroom.php not adequately validating and filtering the input of the id parameter. An attacker can exploit this vulnerability to obtain sensitive information...