CVE-2018-25339
HIGH SEVERITYCVSS Score & Metrics
Base Score
8.2 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Description
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-89
Source
NVD
Vendor
Bylancer
Product
Zechat
Discussion (0)
Add Comment
No comments yet. Be the first!