CVE-2026-7002 PUBLISHED

A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get_message_ajax.php of the component Private Message Handler. Executing a manipulation of the argument c_id can lead to sql injection. It is possible to launch the attack remotely.

• g111 (VulDB User) reporter
• VulDB Vulnerability Moderation Team coordinator

• VDB-359561 | KLiK SocialMediaWebsite Private Message get_message_ajax.php sql injection
• VDB-359561 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #797302 | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 SQL Injection

• SQL Injection CWE
• Injection CWE