CVE-2018-25362

Twitter-Clone 1 SQL Injection via follow.php

CVSS 8.8 HIGHEPSS 0.3%CWE-89

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Fyffe · PHP-Twitter-Clone

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45230unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Fyffe/PHP-Twitter-Clone/https://www.exploit-db.com/exploits/45230 https://www.vulncheck.com/advisories/twitter-clone-1-sql-injection-via-follow-php