45 matches found
CVE-2018-25382
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
CVE-2018-25382
Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...
EUVD-2018-21904
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
Bylancer Zechat SQL注入漏洞
Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the uname parameter,...
CVE-2018-25334
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25339
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...
CVE-2018-25338
Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter with union-based payloads to retrieve table and column names...
CVE-2018-25334
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25334 Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25334
CVE-2018-25334 concerns Zechat 1.5 with a Cross-Site Request Forgery (CSRF) vulnerability that can bypass anti-CSRF protections via the hashtag parameter, enabling an attacker to induce unauthorized changes to user data. The root cause is described as exploitation of a CSRF token mechanism when a...
EUVD-2018-21861
Zechat 1.5 contains a Cross-Site Request Forgery CSRF vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF...
CVE-2018-25339
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that enables unauthenticated attackers to extract database information via time-based blind techniques. Exploitation can be performed to confirm vulnerability and retrieve data, indicating potential impact to confidentiality. Th...
CVE-2018-25339 Zechat 1.5 SQL Injection via v parameter (time-based blind)
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...
CVE-2018-25339
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...
CVE-2018-25339 Zechat 1.5 SQL Injection via v parameter (time-based blind)
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...
EUVD-2018-21858
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...
CVE-2018-25338
CVE-2018-25338 affects Zechat 1.5 via a SQL injection in the hashtag parameter. Unauthenticated attackers can use union-based payloads to enumerate database schema (tables/columns). The vulnerability enables potential data disclosure with high impact to confidentiality; no remediation details are...