40 matches found
CVE-2018-25334
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25338
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...
CVE-2018-25334
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25334
CVE-2018-25334 concerns Zechat 1.5 with a Cross-Site Request Forgery (CSRF) vulnerability that can bypass anti-CSRF protections via the hashtag parameter, enabling an attacker to induce unauthorized changes to user data. The root cause is described as exploitation of a CSRF token mechanism when a...
CVE-2018-25338
CVE-2018-25338 affects Zechat 1.5 via a SQL injection in the hashtag parameter. Unauthenticated attackers can use union-based payloads to enumerate database schema (tables/columns). The vulnerability enables potential data disclosure with high impact to confidentiality; no remediation details are...
EUVD-2018-21859
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...
CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...
CVE-2018-25338 Zechat 1.5 SQL Injection via hashtag parameter
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...
PT-2026-41564
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...
Bylancer Zechat SQL注入漏洞
Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability stems from SQL injections in the hashtag parameter,...
PT-2026-41560
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
SUSE CVE-2025-14822
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...
CVE-2025-14822
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validate input size of hashtags in HTTP requests. An attacker can exhaust CPU resources by submitting a single HTTP request containing a post with thousands of space-separated...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validate input size of hashtags in HTTP requests. An attacker can exhaust CPU resources by submitting a single HTTP request containing a post with thousands of space-separated...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the validate input size of hashtags in HTTP requests. An attacker can exhaust CPU resources by submitting a single HTTP request containing a post with thousands of space-separated...
CVE-2025-14822
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...
CVE-2025-14822
Mattermost versions 10.11.x = 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a post with thousands space-separated tokens...