vendor: aeDating
by: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: aeDating
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:aewebworks:aedating
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

SQL Injection in AEwebworks aeDating

AEwebworks aeDating is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent SQL injection attacks. Additionally, using parameterized queries or prepared statements can help protect against SQL injection.
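
A sketch of that mitigation for an array-valued filter such as `Country[]`, which is the awkward case for prepared statements because the `IN (...)` list needs one placeholder per element. This is an added example, not aeDating's code: the `profiles` table, its columns, and the function names `parse_country_ids` and `search_profiles` are assumptions, and the data is constructed.

```php
<?php
// Hypothetical hardened handling of the Country[] search filter.
// Table and column names (profiles, sex, country_id) are assumptions.

// Keep only elements that are plain non-negative integers; drop everything else.
function parse_country_ids($raw): array
{
    if (!is_array($raw)) {
        return [];
    }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit() accepts only strings made entirely of 0-9; the length cap avoids overflow.
        if (is_string($value) && $value !== '' && strlen($value) <= 5 && ctype_digit($value)) {
            $ids[] = (int) $value;
        }
    }
    return array_values(array_unique($ids));
}

function search_profiles(PDO $db, string $sex, array $countryIds): array
{
    $sql = 'SELECT id, nick FROM profiles WHERE sex = ?';
    $params = [$sex];
    if ($countryIds !== []) {
        // One "?" per validated id; the values never become part of the SQL text.
        $sql .= ' AND country_id IN (' . implode(',', array_fill(0, count($countryIds), '?')) . ')';
        $params = array_merge($params, $countryIds);
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, nick TEXT, sex TEXT, country_id INTEGER)');
$db->exec("INSERT INTO profiles (nick, sex, country_id) VALUES ('anna','female',0),('bea','female',7),('carl','male',0)");

// Constructed request values: one well-formed id and the malformed value from the report.
$query = ['LookingFor' => 'female', 'Country' => ['7', '0UNION']];
$ids = parse_country_ids($query['Country'] ?? null);
print_r($ids);
print_r(search_profiles($db, $query['LookingFor'], $ids));
```

The malformed element is dropped by the allow-list check before any SQL is built, and the remaining values reach the database only as bound parameters.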
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14847/info

AEwebworks aeDating is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/search_result.php?Sex=male&LookingFor=female&DateOfBirth_start=18&DateOfBirth_end=40&Country%5B%5D=0UNION