PT-2017-14935 · Unknown · Muslim Matrimonial Script
Ihsan Sencan
·
Publicado
2017-12-13
·
Atualizado
2017-12-26
·
CVE-2017-17639
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Muslim Matrimonial Script version 3.02
Description
The issue is related to SQL Injection, which can be exploited via the
succid parameter in the "success-story.php" API endpoint.Recommendations
For Muslim Matrimonial Script version 3.02, avoid using the
succid parameter in the "success-story.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "success-story.php" endpoint to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Muslim Matrimonial Script