216.73.217.86

CVE-2018-25382

· Published 29/05/2026 16:16 · Modified 29/05/2026 16:29

Labels: CVE-2018-25382 2026-05-29CVE-2018-25382CWE-89[email protected]

Essential information

Published
29/05/2026 16:16
Modified
29/05/2026 16:29
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
zechat / zechat cpe:2.3:a:zechat:zechat:1.5:*:*:*:*:*:*:*

References