vendor:
PHP MY DATING
by:
Hakxer
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP MY DATING
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
PHP MY DATING
A SQL injection vulnerability exists in the success_story.php script of the PHP MY DATING application. An attacker can exploit this vulnerability to gain access to the database, including the version and database name, as well as the admin ID and password. This is done by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable script.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in SQL queries.