Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25339: Zechat 1.5 allows unauthenticated database information extraction
CVE-2018-25339
Summary
Zechat 1.5 has a security weakness that lets attackers get sensitive database information without needing a password. This could happen if someone enters a specific type of input into the chat software. To protect your users, update Zechat to a fixed version as soon as possible.
Original title
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit t...
Original description
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 17 May 2026 · Updated: 28 May 2026 · First seen: 17 May 2026