CVE-2019-25635

Name of the Vulnerable Software and Affected Versions Zeeways Matrimony CMS (affected versions not specified)

Description Multiple SQL injection flaws allow unauthenticated attackers to manipulate database queries through the 'profile list' endpoint. By injecting SQL code via the up cast, s mother, and s religion parameters, attackers can extract sensitive information from the database using time-based or error-based techniques. SQL injection is a flaw where an attacker can interfere with the queries that an application makes to its database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.