AEwebworks Dating Software AeDating Sdating.PHP SQL Injection Vulnerability
BID:13111
Info
AEwebworks Dating Software AeDating Sdating.PHP SQL Injection Vulnerability
| Bugtraq ID: | 13111 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1084 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Discovery is credited to dionisio. |
| Vulnerable: |
AEwebworks Dating Software aeDating 3.2 |
| Not Vulnerable: | |
Discussion
AEwebworks Dating Software AeDating Sdating.PHP SQL Injection Vulnerability
aeDating is affected by an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input through a parameter of the 'sdating.php' script before using it in a SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
aeDating 3.2 and prior are affected by this issue.
aeDating is affected by an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input through a parameter of the 'sdating.php' script before using it in a SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
aeDating 3.2 and prior are affected by this issue.
Exploit / POC
AEwebworks Dating Software AeDating Sdating.PHP SQL Injection Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
AEwebworks Dating Software AeDating Sdating.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
AEwebworks Dating Software AeDating Sdating.PHP SQL Injection Vulnerability
References:
References:
- aeDating Product Page (AEwebworks Dating Software)