Zechat 1.5 SQL Injection via v parameter (time-based blind)

Advisories

Zechat 1.5 SQL Injection via v parameter (time-based blind)

severity: high
date: 5/17/2026
Affecting: Zechat <= 1.5
CVE: CVE-2018-25339
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 8.8
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-44685
Official Product Homepage
Credit: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
Description: Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo