CVE-2026-9421

7.3 HIGH

A vulnerability was determined in KLiK SocialMediaWebsite 1.0

Published: 2026-05-25 · Last updated: 2026-05-26

Severity and scoring

CVSS: 7.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-284, CWE-434

Description

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-9421
[Other]https://vuldb.com/submit/813725
[Other]https://vuldb.com/vuln/365402
[Other]https://vuldb.com/vuln/365402/cti

Related CVEs

Same CWE

CVE-2026-40750 — Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server (9.9 CRITICAL)
CVE-2026-6933 — The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and inclu... (8.8 HIGH)
CVE-2026-47261 — Wasmtime is a runtime for WebAssembly (7.5 HIGH)
CVE-2026-40772 — Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions (10.0 CRITICAL)
CVE-2026-39591 — Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions (9.9 CRITICAL)