CVE-2026-7002

Name of the Vulnerable Software and Affected Versions KLiK SocialMediaWebsite versions prior to 1.0.2

Description An issue exists in the Private Message Handler component within the file '/includes/get message ajax.php'. Remote attackers can perform SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution, by manipulating the c id argument.

Recommendations Update to a version later than 1.0.1. As a temporary workaround, restrict access to the '/includes/get message ajax.php' file or avoid using the c id argument until a patch is applied.