Description
A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Published: 2026-05-25
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability exists in the HTTP GET request handling component of KLiK SocialMediaWebsite 1.0, allowing injection of malicious input through URL parameters. The flaw is rooted in missing input validation (CWE-74) and may result in information leakage (CWE-707). Attackers can exploit this remotely by manipulating GET requests to inject code or data, which does not necessarily lead to code execution but can compromise confidentiality or enable further attacks if combined with other weaknesses.

Affected Systems

KLiK SocialMediaWebsite 1.0 is the product identified as vulnerable. The flaw resides in the component that processes HTTP GET request parameters. No other versions are mentioned as affected.

Risk and Exploitability

The CVSS base score is 5.3, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, but it is publicly known and can be exploited remotely via HTTP GET requests. Attackers can use the vulnerability to inject malicious input, potentially leading to higher impact if additional weaknesses exist.

Generated by OpenCVE AI on May 25, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest patch or update from KLiK SocialMediaWebsite that addresses the HTTP GET parameter injection flaw.
  • Configure network controls to limit access to the affected endpoint, restricting it to a whitelist of trusted IP addresses.
  • Implement proper input validation for all HTTP GET parameters to guard against injection and enforce strict parameter whitelisting.

Advisories

No advisories yet.

History

Mon, 25 May 2026 03:30:00 +0000

Values added (no values removed):

Description: A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Title: KLiK SocialMediaWebsite HTTP GET Request Parameter injection
First Time appeared: Klik Socialmediawebsite; Klik Socialmediawebsite klik Socialmediawebsite
Weaknesses: CWE-707, CWE-74
CPEs: cpe:2.3:a:klik_socialmediawebsite:klik_socialmediawebsite:*:*:*:*:*:*:*:*
Vendors & Products: Klik Socialmediawebsite; Klik Socialmediawebsite klik Socialmediawebsite
References
Metrics:
cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T03:00:12.536Z

Reserved: 2026-05-24T06:51:54.205Z

Link: CVE-2026-9420

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T05:00:12Z
