Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated malicious users to read, modify, and delete database records.