CVE-2018-25338

Zechat 1.5 SQL Injection via hashtag parameter

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Bylancer · Zechat

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/44685unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bylancer.com https://www.exploit-db.com/exploits/44685 https://www.vulncheck.com/advisories/zechat-sql-injection-via-hashtag-parameter