SQL Injection Vulnerability in Zechat 1.5 by Bylancer
CVE-2018-25338

8.8HIGH

Key Information:

Vendor: Bylancer
Status: Zechat
Vendor: CVE Published:; 17 May 2026

🔔 Create Bylancer Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2018-25338?

Zechat version 1.5 has a SQL injection flaw in the hashtag parameter, enabling unauthenticated users to gain access to sensitive database information through union-based queries. By manipulating the hashtag parameter with specific payloads, attackers can leak critical details about database tables and columns, posing a significant risk to the integrity and confidentiality of the data.

Affected Version(s)

Zechat 1.5

References

https://www.exploit-db.com/exploits/44685

https://bylancer.com

https://www.vulncheck.com/advisories/zechat-sql-injection...

third-party-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 17, 2026
👾
Exploit known to exist
May 17, 2026
Vulnerability published
May 17, 2026
Vulnerability Reserved
May 17, 2026

Credit

Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com

CVE-2018-25338 Data

.