Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/ros | Exploit Third Party Advisory |
https://projectworlds.in | Product |
https://fluidattacks.com/advisories/ros | Exploit Third Party Advisory |
https://projectworlds.in | Product |
Configurations
History
21 Nov 2024, 08:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/ros - Exploit, Third Party Advisory | |
References | () https://projectworlds.in - Product |
13 Nov 2023, 17:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:projectworlds:online_matrimonial_project:1.0:*:*:*:*:*:*:* | |
First Time |
Projectworlds
Projectworlds online Matrimonial Project |
|
References | () https://projectworlds.in - Product | |
References | () https://fluidattacks.com/advisories/ros - Exploit, Third Party Advisory |
07 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-07 22:15
Updated : 2024-11-21 08:29
NVD link : CVE-2023-46800
Mitre link : CVE-2023-46800
CVE.ORG link : CVE-2023-46800
JSON object : View
Products Affected
projectworlds
- online_matrimonial_project
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')