CVE-2018-25221 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversi…
Critical CVSS: 9.3

CVE-2018-25221

EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context.
Vendor
Echatserver
Product
Easy Chat Server
CWE
CWE-787
Yayın Tarihi
2026-03-28 12:16:02
Güncelleme
2026-04-02 19:15:19
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-787 Easy Chat Server CRITICAL Echatserver 2026

Referanslar

https://www.exploit-db.com/exploits/44155 https://www.vulncheck.com/advisories/echat-server-buffer-overflow-via-chat-ghp-username-parameter