A medium-severity unrestricted file upload vulnerability exists in KLiK SocialMediaWebsite 1.0, specifically within the `uniqid` function of `upload.inc.php`. The vulnerability allows remote attackers to upload arbitrary files without proper validation, potentially enabling code execution or other malicious activities. The exploit has been publicly disclosed and is actively exploitable. The CVSS 4.0 vecto [truncated]
A low-severity injection vulnerability in KLiK SocialMediaWebsite 1.0, affecting an unspecified HTTP GET request parameter handler. The vulnerability allows remote attackers to perform injection attacks. The exploit has been publicly disclosed. The CVE was published on 2026-05-25 and last modified on 2026-05-26. The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Outp [truncated]