vendor:
Dating Demo
by:
nuclear
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Dating Demo
Affected Version From: V9.01
Affected Version To: V9.01
Patch Exists: NO
Related CWE: N/A
CPE: a:scriptsden:dating_demo:9.01
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Scripts Den Dating Demo V9.01(searchmatch.php) SQL Injection Vulnerability
A SQL injection vulnerability exists in Scripts Den Dating Demo V9.01(searchmatch.php) which allows an attacker to execute arbitrary SQL commands on the vulnerable system. By sending a specially crafted HTTP request to the vulnerable application, an attacker can execute arbitrary SQL commands on the underlying database. This can be used to bypass authentication, access, modify and delete data within the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
