CVE-2018-25334 – Zechat 1.5 Cross-Site Request Forgery (CSRF) via hashtag parameter

CVE ID :CVE-2018-25334

Published : May 17, 2026, 12:12 p.m. | 45 minutes ago

Description :Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user’s information by bypassing anti-CSRF protections. The application uses a CSRF token, but an attacker can use the hashtag parameter to inject an encoded payload and bypass the CSRF protection, allowing for unauthorized changes to user data. This can be exploited by tricking a user into submitting a crafted form or by using a script to obtain and set the CSRF token.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8752 – h2oai h2o-3 Rapids setproperty Primitive AstSetProperty.java exec access control

CVE-2026-8751 – h2oai h2o-3 JAR Model.java importBinaryModel deserialization

CVE-2026-8754 – AstrBotDevs AstrBot File Upload chat.py post_file path traversal

CVE-2018-25339 – Zechat 1.5 SQL Injection via v parameter (time-based blind)