SQL Injection Vulnerability in Facebook Clone Script by Unknown Vendor
CVE-2017-17615

8.8HIGH

Key Information:

Vendor: Facebook Clone Script Project
Status: Facebook Clone Script
Vendor: CVE Published:; 13 December 2017

🔔 Create Facebook Clone Script Project Vulnerability Alert

What is CVE-2017-17615?

The Facebook Clone Script 1.0 is susceptible to SQL Injection attacks via the 'id' parameter in friend-profile.php. This allows attackers to manipulate database queries, potentially gaining unauthorized access to sensitive user information and compromising the security of the application. System administrators and users of this script should review their deployment for this vulnerability and apply necessary security measures to protect their environments.

References

https://www.exploit-db.com/exploits/43280/

exploitx_refsource_EXPLOIT-DB

https://packetstormsecurity.com/files/145320/Facebook-Clo...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2017
Vulnerability Reserved
Dec 13, 2017