Vulnerabilities ›

CVE-2026-6160

Medium

CWE-200 — Weakness Type

                    Published: Apr 13, 2026                      ·  Modified: Apr 16, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

🤖 AI Executive Summary

CVE-2026-6160 is a file and directory information exposure vulnerability in Simple ChatBox 1.0 that can be exploited remotely through the SimpleChatbox_PHP function. The vulnerability allows attackers to access sensitive file and directory information, potentially leading to further system compromise.

📄 Description (Arabic)

يتعلق هذا الثغرة بتطبيق Simple ChatBox الإصدار 1.0 حيث يمكن للمهاجمين الوصول عن بعد إلى معلومات الملفات والمجلدات من خلال دالة SimpleChatbox_PHP. يمكن استخدام هذا الكشف عن المعلومات كنقطة انطلاق للهجمات الأكثر خطورة على الأنظمة المتأثرة.

🤖 ملخص تنفيذي (AI)

A vulnerability in Simple ChatBox 1.0 allows remote attackers to expose file and directory information through the SimpleChatbox_PHP endpoint function. This information disclosure could facilitate reconnaissance for more severe attacks on affected systems.

🤖 AI Intelligence Analysis Analyzed: Apr 13, 2026 18:55

🇸🇦 Saudi Arabia Impact Assessment

Relevance: medium

🏢 Affected Saudi Sectors

Web Applications Software Development IT Services E-commerce Customer Support Systems

🎯 MITRE ATT&CK Techniques

T1526 T1087 T1592

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

1. Immediately update Simple ChatBox to the latest patched version. 2. Implement input validation and sanitization on all endpoint functions. 3. Restrict file system access permissions to minimum required levels. 4. Disable directory listing in web server configuration. 5. Apply Web Application Firewall (WAF) rules to block suspicious file enumeration attempts. 6. Monitor access logs for exploitation attempts. 7. Conduct security audit of affected systems.

🔧 خطوات المعالجة (العربية)

1. قم بتحديث Simple ChatBox إلى أحدث إصدار معصحح فوراً. 2. طبق التحقق من صحة المدخلات على جميع وظائف النقاط النهائية. 3. قيد صلاحيات الوصول لنظام الملفات للحد الأدنى المطلوب. 4. عطل قائمة المجلدات في إعدادات خادم الويب. 5. طبق قواعد جدار حماية تطبيقات الويب لحجب محاولات تعداد الملفات المريبة. 6. راقب سجلات الوصول لمحاولات الاستغلال. 7. أجرِ تدقيق أمني لأنظمة التأثر.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

ID.AM-2 PR.DS-1 DE.CM-1

🟡 ISO 27001:2022

A.14.2.1 A.12.6.1 A.13.1.1

🔗 References & Sources 5

🔗

https://code-projects.org/

cna@vuldb.com

🔗

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclos...

cna@vuldb.com

🔗

https://vuldb.com/submit/796696

cna@vuldb.com

🔗

https://vuldb.com/vuln/357040

cna@vuldb.com

🔗

https://vuldb.com/vuln/357040/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-200

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-04-13

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-200

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-6160

Introduce Yourself

Sign In Required