


Perceptive Security
SOC/SIEM Consultancy

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname…
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 17:11:07
Source:
nvd.nist.gov
Web Technologies, Database & Storage
CVE-2018-25382 is a SQL injection vulnerability in Zechat 1.5 that allows unauthenticated attackers to extract database information. The vulnerability exists in the uname parameter of profile.php, where attackers can inject UNION-based SQL payloads. Exploitation enables retrieval of table names, column names, and sensitive data from the information_schema database. The vulnerability requires no authentication, making it particularly dangerous. Proof-of-concept exploits are publicly available.
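A detection sketch for the pattern described above, added here as an example and not taken from the advisory or from Zechat: it scans web access logs for `profile.php` requests whose `uname` value carries UNION SELECT or information_schema references. The combined log format, the sample lines (constructed, using documentation IP ranges) and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/May/2026:10:01:02 +0000] "GET /profile.php?uname=alice HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/May/2026:10:01:05 +0000] "GET /profile.php?uname=x%27+UnIoN/**/SeLeCt+null+FROM+information_schema.tables HTTP/1.1" 200 812 "-" "curl/8.0"',
    '203.0.113.9 - - [29/May/2026:10:01:09 +0000] "GET /profile.php?uname=x%2527%2520union%2520select%2520null HTTP/1.1" 200 640 "-" "curl/8.0"',
    '198.51.100.7 - - [29/May/2026:10:02:00 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [29/May/2026:10:03:00 +0000] "GET /profile.php?uname=o%27brien HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)  # inline SQL comments used as whitespace
UNION_RE = re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b", re.I)
SCHEMA_RE = re.compile(r"\binformation_schema\b", re.I)

def normalize(value, rounds=3):
    """Undo repeated URL-encoding and SQL comment padding before matching."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return COMMENT_RE.sub(" ", value)

def classify(line):
    """Return (client_ip, reasons) for a suspicious profile.php request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/profile.php"):
        return None  # only the endpoint named in the advisory is in scope
    reasons = []
    for raw in parse_qs(url.query, keep_blank_values=True).get("uname", []):
        value = normalize(raw)
        if UNION_RE.search(value):
            reasons.append("union-select")
        if SCHEMA_RE.search(value):
            reasons.append("information_schema")
    return (ip, sorted(set(reasons))) if reasons else None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A lone apostrophe in `uname` (the `o'brien` line) is deliberately not flagged, and GET query strings are the only input inspected; requests that carry `uname` in a POST body need the same check applied at a WAF or in application logging.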
Technical details
Mitigation steps:
Affected products:
Zechat
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2018-25382
https://bylancer.com/
https://bylancer.com/products/zechat-php-script/index.php
https://www.exploit-db.com/exploits/45523
https://www.vulncheck.com/advisories/zechat-sql-injection-via-uname-parameter
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
