CVE-2018-25363 MEDIUM

CVE-2018-25363: Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php

Vendor Fyffe

Product PHP-Twitter-Clone

Weakness CWE-352 · CSRF

Published May 25, 2026

Last update May 26, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

Description

Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from authenticated user sessions.

Key dates

Disclosure timeline

May 25, 2026 CVE published

May 26, 2026 Record updated