Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25338: Zechat 1.5 Hashtag Parameter SQL Injection Risk
CVE-2018-25338
Summary
Zechat 1.5 is affected. Attackers can extract database information without logging in. Update to a secure version of Zechat to fix this issue.
Original title
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit ...
Original description
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 17 May 2026 · Updated: 28 May 2026 · First seen: 17 May 2026