PT-2023-30216 · Unknown · Online Matrimonial Project

Andres Roldan · Published 2023-11-07 · Updated 2023-11-13 · CVE-2023-46788

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Online Matrimonial Project version 1.0

Description

The issue concerns unauthenticated SQL Injection vulnerabilities. Specifically, the id parameter in the uploadphoto() function of the functions.php resource does not validate the characters received, and they are sent unfiltered to the database.

Recommendations

For Online Matrimonial Project version 1.0, as a temporary workaround, consider disabling the uploadphoto() function until a patch is available. Restrict access to the functions.php resource to minimize the risk of exploitation. Avoid using the id parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
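
The kind of fix the description calls for (validate the id, then keep it out of the SQL text), shown as an added example that is not code from Online Matrimonial Project or from this advisory. The function names parse_id and save_photo_name, the photos table with its user_id and pic1 columns, and the use of PDO with an in-memory SQLite database are assumptions made so the sketch runs on its own.

```php
<?php
// Added illustration, not code from Online Matrimonial Project.
// Table and column names (photos, user_id, pic1) are hypothetical.

function parse_id($raw): ?int
{
    // Accept only 1-10 ASCII digits; anything else is refused outright.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,10}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function save_photo_name(PDO $db, $rawId, string $fileName): bool
{
    $id = parse_id($rawId);
    if ($id === null) {
        return false; // caller should answer with HTTP 400 and log the request
    }
    // Placeholders send the values separately from the SQL statement,
    // so the id can never change the structure of the query.
    $stmt = $db->prepare('UPDATE photos SET pic1 = :pic WHERE user_id = :id');
    $stmt->execute([':pic' => $fileName, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE photos (user_id INTEGER PRIMARY KEY, pic1 TEXT)');
$db->exec("INSERT INTO photos VALUES (7, 'old.jpg'), (8, 'other.jpg')");

var_dump(save_photo_name($db, '7', 'new.jpg'));      // well-formed id
var_dump(save_photo_name($db, '7 OR 1=1', 'x.jpg')); // constructed malformed id
```

Because the vulnerable function is reachable without authentication, the same validation and binding should sit behind a session check in a real handler.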

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-46788

Affected Products

Online Matrimonial Project