CVE Catalog

CVE-2018-25362

High
Published: Translated: NVD NIST

Summary

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter.

Risk Assessment

Attackers can exploit this vulnerability to extract sensitive information from the database, including usernames, passwords, and database credentials, posing a serious security threat to the organization.

Recommendation

It is recommended to immediately update the application to the latest version and implement appropriate security measures such as input validation and sanitization.

Original NVD description (English source)

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS