CVE-2018-25362

HIGH

Twitter-Clone 1 SQL Injection via follow.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25362. PoCs published by L0RD.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in Twitter-Clone 1, specifically in the 'userid' and 'username' parameters of follow.php and index.php. It includes payloads for Union-based and time-based blind SQLi attacks.

Description

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.

Exploits (1)

exploitdb WORKING POC

by L0RD · textwebappsphp

https://www.exploit-db.com/exploits/45230

View Code ZIP pw:eip

This exploit demonstrates SQL injection vulnerabilities in Twitter-Clone 1, specifically in the 'userid' and 'username' parameters of follow.php and index.php. It includes payloads for Union-based and time-based blind SQLi attacks.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Twitter-Clone 1

No auth needed

Prerequisites: access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed May 25, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-45230

https://www.exploit-db.com/exploits/45230

Product product

Official Product Homepage

https://github.com/Fyffe/PHP-Twitter-Clone/

Third Party Advisory third-party-advisory

VulnCheck Advisory: Twitter-Clone 1 SQL Injection via follow.php

https://www.vulncheck.com/advisories/twitter-clone-1-sql-injection-via-follow-php

Scores

CVSS v3 8.2

EPSS 0.0031

EPSS Percentile 22.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

Fyffe/PHP-Twitter-Clone 1.0

Published May 25, 2026

Tracked Since May 25, 2026