This vulnerability affects KLiK SocialMediaWebsite versions 1.0.0 and 1.0.1 in the Private Message Handler component. An attacker can remotely manipulate the c_id parameter in the /includes/get_message_ajax.php script to perform SQL injection attacks. The CVSS 4.0 base score is 6.9, indicating a medium severity with network attack vector, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. No vendor advisory or patch information is provided, and no known exploits have been reported.

Successful exploitation of this vulnerability allows an unauthenticated remote attacker to perform SQL injection via the c_id parameter, potentially leading to unauthorized access or manipulation of the backend database. The impact is rated medium based on the CVSS score, reflecting limited but non-negligible confidentiality, integrity, and availability impacts.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the affected component or applying web application firewall rules to detect and block suspicious SQL injection attempts targeting the c_id parameter.