Search criteria
3 vulnerabilities found for PHP-Twitter-Clone by Fyffe
CVE-2018-25364 (GCVE-0-2018-25364)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-25 14:15
VLAI?
Title
Twitter-Clone 1 SQL Injection via search.php
Summary
Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45247 | exploit |
| https://github.com/Fyffe/PHP-Twitter-Clone/ | product |
| https://www.vulncheck.com/advisories/twitter-clon… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fyffe | PHP-Twitter-Clone |
Affected:
1.0
|
Date Public ?
2018-08-22 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "PHP-Twitter-Clone",
"vendor": "Fyffe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "L0RD"
}
],
"datePublic": "2018-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:11.029Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45247",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45247"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://github.com/Fyffe/PHP-Twitter-Clone/"
},
{
"name": "VulnCheck Advisory: Twitter-Clone 1 SQL Injection via search.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/twitter-clone-1-sql-injection-via-search-php"
}
],
"title": "Twitter-Clone 1 SQL Injection via search.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25364",
"datePublished": "2026-05-25T14:15:11.029Z",
"dateReserved": "2026-05-24T13:47:24.088Z",
"dateUpdated": "2026-05-25T14:15:11.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25363 (GCVE-0-2018-25363)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-25 14:15
VLAI?
Title
Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php
Summary
Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from authenticated user sessions.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45232 | exploit |
| https://github.com/Fyffe/PHP-Twitter-Clone/ | product |
| https://www.vulncheck.com/advisories/twitter-clon… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fyffe | PHP-Twitter-Clone |
Affected:
1.0
|
Date Public ?
2018-08-21 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "PHP-Twitter-Clone",
"vendor": "Fyffe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "L0RD"
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from authenticated user sessions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:10.194Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45232",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45232"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://github.com/Fyffe/PHP-Twitter-Clone/"
},
{
"name": "VulnCheck Advisory: Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/twitter-clone-1-cross-site-request-forgery-via-tweetdel-php"
}
],
"title": "Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25363",
"datePublished": "2026-05-25T14:15:10.194Z",
"dateReserved": "2026-05-24T13:31:38.682Z",
"dateUpdated": "2026-05-25T14:15:10.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25362 (GCVE-0-2018-25362)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:15 – Updated: 2026-05-25 14:15
VLAI?
Title
Twitter-Clone 1 SQL Injection via follow.php
Summary
Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45230 | exploit |
| https://github.com/Fyffe/PHP-Twitter-Clone/ | product |
| https://www.vulncheck.com/advisories/twitter-clon… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fyffe | PHP-Twitter-Clone |
Affected:
1.0
|
Date Public ?
2018-08-21 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "PHP-Twitter-Clone",
"vendor": "Fyffe",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "L0RD"
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:15:09.503Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45230",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45230"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://github.com/Fyffe/PHP-Twitter-Clone/"
},
{
"name": "VulnCheck Advisory: Twitter-Clone 1 SQL Injection via follow.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/twitter-clone-1-sql-injection-via-follow-php"
}
],
"title": "Twitter-Clone 1 SQL Injection via follow.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25362",
"datePublished": "2026-05-25T14:15:09.503Z",
"dateReserved": "2026-05-24T13:30:45.539Z",
"dateUpdated": "2026-05-25T14:15:09.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}