CVE-2023-46793

Name of the Vulnerable Software and Affected Versions Online Matrimonial Project version 1.0

Description The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the day parameter in the register() function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. This lack of validation allows for potential SQL injection attacks.

Recommendations For Online Matrimonial Project version 1.0, ensure proper validation and filtering of the day parameter in the register() function to prevent SQL injection attacks. As a temporary workaround, consider disabling the register() function until a patch is available. Restrict access to the functions.php resource to minimize the risk of exploitation. Avoid using the day parameter in the affected function until the issue is resolved.