CVE-2018-25364

HIGH

Twitter-Clone 1 SQL Injection via search.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25364. PoCs published by L0RD.

AI-analyzed exploit summary: The exploit demonstrates SQL injection vulnerabilities in Twitter-Clone 1 via three endpoints (search.php, mailactivation.php, stalkers.php) with specific payloads for error-based and union-based SQLi. The vulnerable code snippets show direct interpolation of user input into SQL queries without sanitization.

Description

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques.

Exploits (1)

exploitdb WORKING POC
by L0RD · text · webapps · php
https://www.exploit-db.com/exploits/45247

Classification
Working PoC: 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Twitter-Clone 1
No auth needed
Prerequisites: access to vulnerable endpoints · SQL injection payloads
devstral-2 · analyzed May 25, 2026

References (3)

Core References (3)
Exploit: ExploitDB-45247
https://www.exploit-db.com/exploits/45247
Product: Official Product Homepage
https://github.com/Fyffe/PHP-Twitter-Clone/
Third Party Advisory: VulnCheck Advisory: Twitter-Clone 1 SQL Injection via search.php
https://www.vulncheck.com/advisories/twitter-clone-1-sql-injection-via-search-php

Scores

CVSS v3 8.2
EPSS 0.0034
EPSS Percentile 25.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
Fyffe/PHP-Twitter-Clone 1.0
Published May 25, 2026
Tracked Since May 25, 2026