CVE-2026-7002 | KLiK SocialMediaWebsite up to 1.0.1 Private Message get_message_ajax.php c_id sql injection

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability described as critical has been identified in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get_message_ajax.php of the component Private Message Handler. Executing a manipulation of the argument c_id can lead to sql injection.

This vulnerability is registered as CVE-2026-7002. It is possible to launch the attack remotely. No exploit is available.

CVE-2026-7002 | KLiK SocialMediaWebsite up to 1.0.1 Private Message get_message_ajax.php c_id sql injection

Post correlati

CVE-2024-34525 | vastsa FileCodeBox 2.0 ENV File cleartext storage in a file or on disk (Issue 133)

CVE-2023-6935 | wolfSSL up to 5.6.4 RSA Marvin Attack information exposure

CVE-2024-28889 | F5 BIG-IP up to 15.1.10/16.1.4/17.1.1 SSL Profile denial of service (K000139404)

CVE-2023-49769 | SoftLab Integrate Google Drive Plugin up to 1.3.4 on WordPress cross-site request forgery