CVSS 7.3 · HIGH

CVE-2026-7002

A SQL injection vulnerability was found in KLiK SocialMediaWebsite up to 1.0.1. It affects unspecified code in the file /includes/get_message_ajax.php of the Private Message Handler component. Manipulating the argument c_id can lead to SQL injection. The attack can be launched remotely.

Analysis

This is a remote SQL injection vulnerability in KLiK SocialMediaWebsite, a niche social networking script. While the impact is high, the product has very limited deployment and does not affect the infrastructure or tools used by the professional development community.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-74, CWE-89

EPSS

Exploitation probability (next 30 days): 0.0003 (0.0%)
Percentile: 10.0%
EPSS: 2026-05-06

Published: 25/4/2026, 22:16:19
Last modified: 27/4/2026, 18:46:41
