CVE-2018-25362
Severity CVSS v4.0:
HIGH
Type:
CWE-89
SQL Injection
Publication date:
25/05/2026
Last modified:
17/06/2026
Description
Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.
Impact
Base Score 4.0
8.80
Severity 4.0
HIGH
Base Score 3.x
8.20
Severity 3.x
HIGH



