SQL Injection Vulnerability in KLiK SocialMediaWebsite by Msaad1999
CVE-2022-42098

8.8HIGH

Key Information:

Vendor: Klik-socialmediawebsite Project
Status: Klik-socialmediawebsite
Vendor: CVE Published:; 22 November 2022

🔔 Create Klik-socialmediawebsite Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-42098?

The KLiK SocialMediaWebsite version v1.0.1 contains a SQL Injection vulnerability through the profile.php file. This issue allows attackers to manipulate database queries by injecting malicious SQL code via user-supplied input. Successful exploitation of this vulnerability could enable unauthorized access to sensitive data and can compromise the integrity of the application. It is crucial for users of this version to apply necessary security measures and updates to safeguard their systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-42098
Created by bypazs

References

https://github.com/msaad1999/KLiK-SocialMediaWebsite/rele...

https://github.com/msaad1999/KLiK-SocialMediaWebsite

https://github.com/bypazs/CVE-2022-42098

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2022
Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Sep 28, 2022
👾
Exploit known to exist
Sep 28, 2022

CVE-2022-42098 Data

JSON