CVE-2023-46786: Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Tue Nov 07 2023(Updated: )
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Online Matrimonial Project | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Online Matrimonial Project v1.0 vulnerability?
The vulnerability ID for the Online Matrimonial Project v1.0 vulnerability is CVE-2023-46786.
What is the severity of vulnerability CVE-2023-46786?
The severity of vulnerability CVE-2023-46786 is critical with a severity value of 9.8.
How does the Online Matrimonial Project v1.0 vulnerability occur?
The Online Matrimonial Project v1.0 vulnerability occurs due to multiple unauthenticated SQL Injection vulnerabilities in the 'password' parameter of the auth/auth.php resource.
What is the affected software of vulnerability CVE-2023-46786?
The affected software of vulnerability CVE-2023-46786 is Online Matrimonial Project v1.0.
How can I fix vulnerability CVE-2023-46786 in Online Matrimonial Project v1.0?
To fix vulnerability CVE-2023-46786 in Online Matrimonial Project v1.0, implement proper validation for the 'password' parameter in the auth/auth.php resource to prevent unauthenticated SQL injections.
- collector/nvd-api
- collector/mitre-cve
- agent/weakness
- agent/severity
- agent/author
- agent/event
- vendor/projectworlds
- canonical/projectworlds online matrimonial project
- version/projectworlds online matrimonial project/1.0
- status/rejected