CVE Catalog

CVE-2018-25364

High
Published: Translated: NVD NIST

Summary

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'name' parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data.

Risk Assessment

This vulnerability poses a serious risk to organizations, allowing attackers to access sensitive information and potentially take control of the system. Data extraction from the database may lead to privacy breaches and loss of trust in the system.

Recommendation

It is recommended to immediately patch the vulnerability by validating and sanitizing input data in the 'name' parameter. Additionally, consider implementing security mechanisms such as restricting access to endpoints and monitoring for suspicious activity.

Original NVD description (English source)

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS