CVE-2019-25635

Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile list endpoint. Attackers can inject SQL code via the up cast, s mother, and s religion parameters to extract sensitive database information using time-based or error-based techniques.