What is GHSA-g3jh-2c96-x65c?

GHSA-g3jh-2c96-x65c is a security advisory published by GitHub Security Advisories with High severity. Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to...

Which CVE IDs does GHSA-g3jh-2c96-x65c cover?

GHSA-g3jh-2c96-x65c covers the following CVE IDs: CVE-2018-25382. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-g3jh-2c96-x65c?

GHSA-g3jh-2c96-x65c has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-g3jh-2c96-x65cHighCVSS 8.2

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2018-25382 →

📋 Description

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25382
https://bylancer.com
https://bylancer.com/products/zechat-php-script/index.php
https://www.exploit-db.com/exploits/45523
https://www.vulncheck.com/advisories/zechat-sql-injection-via-uname-parameter
https://github.com/advisories/GHSA-g3jh-2c96-x65c