CVE-2017-17615

HIGH

Facebook Clone Script 1.0 - SQL Injection via Friend-Profile ID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17615. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in Facebook Clone Script 1.0 via the 'id' parameter in 'friend-profile.php' and the 'send' parameter in 'process.php'. The PoC includes crafted SQL queries to extract database information such as user, database name, and version.

Description

Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/43280

This exploit demonstrates SQL injection vulnerabilities in Facebook Clone Script 1.0 via the 'id' parameter in 'friend-profile.php' and the 'send' parameter in 'process.php'. The PoC includes crafted SQL queries to extract database information such as user, database name, and version.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Facebook Clone Script 1.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43280/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/145320/Facebook-Clone-Script-1.0-SQL-Injection.html

Scores

CVSS v3 8.8
EPSS 0.0248
EPSS Percentile 82.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
facebook_clone_script_project/facebook_clone_script 1.0
Published Dec 13, 2017
Tracked Since Feb 18, 2026