CVSS 7.3 · HIGH

CVE-2026-7002

A vulnerability was found in KLiK SocialMediaWebsite up to 1.0.1. It affects unspecified code in the file /includes/get_message_ajax.php of the Private Message Handler component. Manipulating the argument c_id can lead to SQL injection. The attack can be launched remotely.

Analysis

This is a remote SQL injection vulnerability in KLiK SocialMediaWebsite, a niche social networking script. While the impact is high, the product has very limited deployment and does not affect the infrastructure or tools used by the professional development community.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74, CWE-89

EPSS

Probability of exploitation (next 30 days): 0.0003 (0.0%)
Percentile: 10.0%
EPSS: 2026-05-06

Published: 4/25/2026, 10:16:19 PM
Last modified: 4/27/2026, 6:46:41 PM
