PatchSiren

Fyffe CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Fyffe CVE published 2026-05-25

CVE-2018-25364

A SQL injection vulnerability in Twitter-Clone 1 allows unauthenticated remote attackers to execute arbitrary SQL queries via the name parameter in search.php. The flaw permits error-based and union-based SQL injection techniques, enabling extraction of database contents including usernames, credentials, and system data. The vulnerability carries a HIGH severity CVSS 4.0 score of 8.8 with network attack v [truncated]

HIGH Fyffe CVE published 2026-05-25

CVE-2018-25362

A SQL injection vulnerability exists in Twitter-Clone 1, specifically in the follow.php endpoint. The endpoint does not properly sanitize the userid parameter, allowing attackers to inject arbitrary SQL code. Successful exploitation enables union-based or time-based blind SQL injection attacks, potentially exposing sensitive database contents including user credentials and database configuration information [truncated]