CVE-2023-46791

Name of the Vulnerable Software and Affected Versions Online Matrimonial Project version 1.0

Description The issue concerns unauthenticated SQL Injection vulnerabilities. Specifically, the filename attribute of the pic3 multipart parameter in the functions.php resource does not validate the characters received, sending them unfiltered to the database.

Recommendations For Online Matrimonial Project version 1.0, consider validating and filtering user input for the filename attribute of the pic3 multipart parameter to prevent SQL Injection attacks. As a temporary workaround, restrict access to the functions.php resource to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.