Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

KLiK SocialMediaWebsite

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-9422
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-25 May, 2026 | 03:30
Updated-25 May, 2026 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KLiK SocialMediaWebsite HTTP POST Request Parameter injection

A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST Request Parameter Handler. Such manipulation leads to injection. The attack can be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-n/a
Product-KLiK SocialMediaWebsite
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-9421
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-Not Assigned
Published-25 May, 2026 | 03:15
Updated-25 May, 2026 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-n/a
Product-KLiK SocialMediaWebsite
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-9420
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-25 May, 2026 | 03:00
Updated-25 May, 2026 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
KLiK SocialMediaWebsite HTTP GET Request Parameter injection

A vulnerability was found in KLiK SocialMediaWebsite 1.0. This affects an unknown part of the component HTTP GET Request Parameter Handler. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-n/a
Product-KLiK SocialMediaWebsite
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')