Skip to main content

Zechat

4 CVEs product

Monthly

CVE-2018-25334 MEDIUM POC This Month

Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zechat
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2018-25339 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25338 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-5978 CRITICAL POC Act Now

SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zechat
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.7%
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zechat
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zechat
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy