EUVD-2026-25677CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get_message_ajax.php of the component Private Message Handler. Executing a manipulation of the argument c_id can lead to sql injection. It is possible to launch the attack remotely.
AnalysisAI
SQL injection in KLiK SocialMediaWebsite 1.0.1 and earlier allows remote unauthenticated attackers to execute arbitrary SQL commands via the c_id parameter in /includes/get_message_ajax.php. The vulnerability targets the private message handling component and permits unauthorized database access, modification, and potential data exfiltration. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all systems running KLiK SocialMediaWebsite and verify installed versions against 1.0.1 and earlier; isolate or restrict network access to affected instances if upgrade is not immediately available. Within 7 days: Upgrade to the latest available version of KLiK SocialMediaWebsite beyond 1.0.1; if no patched version exists from the vendor, implement Web Application Firewall (WAF) rules blocking SQL injection patterns in the /includes/get_message_ajax.php endpoint and the c_id parameter. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today