Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 02 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 29 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Bylancer
Bylancer zechat |
|
| Vendors & Products |
Bylancer
Bylancer zechat |
Fri, 29 May 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database. | |
| Title | Zechat 1.5 SQL Injection via uname Parameter | |
| First Time appeared |
Zechat Project
Zechat Project zechat |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:zechat_project:zechat:1.5:*:*:*:*:*:*:* | |
| Vendors & Products |
Zechat Project
Zechat Project zechat |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-02T01:30:41.849Z
Reserved: 2026-05-29T11:06:08.520Z
Link: CVE-2018-25382
Updated: 2026-06-02T01:30:37.251Z
Status : Deferred
Published: 2026-05-29T16:16:17.187
Modified: 2026-05-29T16:29:11.350
Link: CVE-2018-25382
No data.
OpenCVE Enrichment
Updated: 2026-05-29T20:15:06Z