| Title | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 SQL Injection |
|---|
| Description | SQL Injection vulnerability in /includes/get_message_ajax.php via c_id parameter. Unauthenticated attackers can execute arbitrary SQL commands using time-based blind injection (SLEEP(5)) and UNION-based injection to extract database information including user credentials, private messages, and system data. |
|---|
| Source | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
|---|
| User | g111 (UID 92409) |
|---|
| Submission | 04/05/2026 07:54 (3 months ago) |
|---|
| Moderation | 04/24/2026 22:22 (20 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 359561 [KLiK SocialMediaWebsite up to 1.0.1 Private Message get_message_ajax.php c_id sql injection] |
|---|
| Points | 18 |
|---|