CVE-2018-25362

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N                                    

Vulnerability Description

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.

Vulnerability Details

Published Date

May 25, 2026

Last Modified

May 26, 2026

CWE ID

CWE-89

Source

NVD

Vendor

Fyffe

Product

PHP-Twitter-Clone

External References

https://github.com/Fyffe/PHP-Twitter-Clone/
https://www.exploit-db.com/exploits/45230
https://www.vulncheck.com/advisories/twitter-clone-1-sql-injection-via-follow-php

CVE-2018-25362

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment