Vulnerability CVE-2017-17983


Published: 2017-12-29   Modified: 2017-12-30

Description:
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.

Type:

CWE-89

(Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

Vendor: Muslim matrimonial script project
Product: Muslim matrimonial script 
Version: 3.0.3;

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://github.com/d4wner/Vulnerabilities-Report/blob/master/Muslim%20Matrimonial%20Script.md

Related CVE
CVE-2017-17988
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.
CVE-2017-17987
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
CVE-2017-17986
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.
CVE-2017-17985
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.
CVE-2017-17984
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.
CVE-2017-17982
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
CVE-2017-17981
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.
CVE-2017-17639
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.

Copyright 2018, cxsecurity.com

 

Back to Top