CVE-2023-46798: Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Tue Nov 07 2023(Updated: )
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'pass' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Online Matrimonial Project | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
CVE-2023-46798
What is the title of this vulnerability?
Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
What is the affected software?
Projectworlds Online Matrimonial Project v1.0
What is the severity of this vulnerability?
Critical
What is the Common Weakness Enumeration (CWE) ID of this vulnerability?
CWE-89
How can I fix this vulnerability?
Apply the patch provided by the vendor or upgrade to a version that addresses this issue.
- collector/nvd-api
- collector/mitre-cve
- agent/weakness
- agent/severity
- agent/author
- agent/event
- vendor/projectworlds
- canonical/projectworlds online matrimonial project
- version/projectworlds online matrimonial project/1.0
- status/rejected