HIGH
Bylancer
CVE published 2026-05-29
CVE-2018-25382
CVE-2018-25382 documents an unauthenticated SQL injection vulnerability in Zechat 1.5, a PHP-based chat application. The flaw resides in the `uname` parameter of `profile.php`, where insufficient input sanitization allows attackers to inject arbitrary SQL code. Successful exploitation enables extraction of database schema information and sensitive data via UNION-based injection techniques targeting the `i [truncated]