CVE-2006-3271

Name of the Vulnerable Software and Affected Versions Softbiz Dating version 1.0

Description The issue allows remote attackers to execute SQL commands, potentially leading to data manipulation or extraction. This is achieved through SQL injection vulnerabilities in several parameters across different PHP files. Specifically, the vulnerabilities are found in the country and sort by parameters in "search results.php", the browse parameter in "featured photos.php", and the cid parameter in "products.php", "index.php", and "news desc.php". API Endpoints:

Recommendations For Softbiz Dating version 1.0, as a temporary workaround, consider restricting access to the vulnerable parameters country, sort by, browse, and cid in the affected PHP files until a patch is available. Avoid using these parameters in the respective API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.