SQL Injection Vulnerability in KLiK SocialMediaWebsite by SourceCodester
CVE-2026-7002

6.9MEDIUM

Key Information:

Vendor: Klik
Status: Socialmediawebsite
Vendor: CVE Published:; 25 April 2026

What is CVE-2026-7002?

A vulnerability exists in KLiK SocialMediaWebsite versions up to 1.0.1, allowing for SQL injection through improper handling of the c_id parameter in the /includes/get_message_ajax.php file of the Private Message Handler component. This flaw enables attackers to execute arbitrary SQL commands remotely, compromising the database integrity and potentially exposing sensitive user data.

Affected Version(s)

SocialMediaWebsite 1.0.0

SocialMediaWebsite 1.0.1

References

https://vuldb.com/vuln/359561

vdb-entrytechnical-description

https://vuldb.com/vuln/359561/cti

signaturepermissions-required

https://vuldb.com/submit/797302

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2026
Vulnerability Reserved
Apr 24, 2026

Credit

g111 (VulDB User)

VulDB Vulnerability Moderation Team

CVE-2026-7002 Data

JSON