CVE-2018-25334

Name of the Vulnerable Software and Affected Versions Zechat version 1.5

Description Cross-Site Request Forgery (CSRF) allows an attacker to modify user information by bypassing anti-CSRF protections. Although the application implements a CSRF token, an attacker can inject an encoded payload via the hashtag parameter to circumvent this protection. This is achieved by tricking a user into submitting a crafted form or utilizing a script to obtain and set the CSRF token.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.