Description
A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Published: 2026-05-25
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

KLiK SocialMediaWebsite version 1.0 contains a flaw in its HTTP POST Request Parameter Handler that permits attackers to manipulate input parameters and inject arbitrary payloads. The injection flaw is associated with CWE‑74 and CWE‑707 and could enable an attacker to alter the behavior of the application, potentially leading to compromise of confidentiality, integrity, or availability. The flaw is remotely exploitable and public exploits are available.

Affected Systems

This vulnerability affects KLiK SocialMediaWebsite 1.0. No other versions are listed in the CNA data, and the input indicates that the issue is confined to the HTTP POST handling component of that specific release.

Risk and Exploitability

With a CVSS score of 6.9 the vulnerability carries moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The publicly available exploit and remote attack vector suggest that the risk to systems exposed to the internet remains significant, especially if the application processes untrusted input without adequate validation.

Generated by OpenCVE AI on May 25, 2026 at 06:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to a newer release that resolves the POST parameter injection flaw.
  • Implement strict validation and sanitization of all HTTP POST parameters to prevent malicious payloads from being processed.
  • Deploy a web application firewall to detect and block malformed or suspicious POST requests.

Generated by OpenCVE AI on May 25, 2026 at 06:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 25 May 2026 05:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Title KLiK SocialMediaWebsite HTTP POST Request Parameter injection
First Time appeared Klik Socialmediawebsite
Klik Socialmediawebsite klik Socialmediawebsite
Weaknesses CWE-707
CWE-74
CPEs cpe:2.3:a:klik_socialmediawebsite:klik_socialmediawebsite:*:*:*:*:*:*:*:*
Vendors & Products Klik Socialmediawebsite
Klik Socialmediawebsite klik Socialmediawebsite
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Klik Socialmediawebsite Klik Socialmediawebsite
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T03:30:10.638Z

Reserved: 2026-05-24T06:52:22.575Z

Link: CVE-2026-9422

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T06:30:18Z

Weaknesses