CVE-2018-25364— Twitter-Clone 1 SQL Injection via search.php
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fyffe | PHP-Twitter-Clone | 1.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25364
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Twitter-Clone 1 SQL Injection via search.php
Source: NVD (National Vulnerability Database)
Vulnerability Description
Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
twitter-clone SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
twitter-clone是Fiffe个人开发者的一个应用软件。Twitter克隆使用+ Vue 3 +轻快地去开发+ TailwindCSS + PostgreSQL +复述 Twitter-Clone 1版本存在SQL注入漏洞,该漏洞源于通过name参数注入恶意代码,可能导致未经身份验证的攻击者执行任意SQL查询。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Fyffe | PHP-Twitter-Clone | 1.0 | - |
II. Public POCs for CVE-2018-25364
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 7326 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2018-25364
请登录查看更多情报信息。
Exploits & Public PoCs for CVE-2018-25364 (1)
Other References for CVE-2018-25364 (2)
- 🔗 Twitter-Clone 1 SQL Injection via search.php | Advisories | VulnCheckthird-party-advisory
Same Patch Batch · Fyffe · 2026-05-25 · 3 CVEs total
| CVE-2018-25362 | 8.2 HIGH | Twitter-Clone 1 SQL Injection via follow.php |
| CVE-2018-25363 | 4.3 MEDIUM | Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php |
IV. Related Vulnerabilities
Same weakness: CWE-89
- CVE-2026-10204
OFCMS JSON Query SysUserController.java query sql injection - CVE-2026-10203
OFCMS JSON Query SystemParamController.java query sql inject - CVE-2026-10202
OFCMS JSON Query SystemDictController.java query sql injecti - CVE-2026-10193
OFCMS ComnController ComnController.java query sql injection - CVE-2026-10186
code-projects Online Hospital Management System patient.php
V. Comments for CVE-2018-25364
No comments yet