CVE-2005-4034

Name of the Vulnerable Software and Affected Versions Web4Future eDating Professional version 5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in several parameters, including s, pg, and sortb in "index.php", cid in "gift.php" and "fq.php", and cat in "articles.php".

Recommendations For Web4Future eDating Professional version 5, consider restricting access to the vulnerable parameters s, pg, sortb, cid, and cat in the respective files until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints.