Headline
CVE-2023-46790: Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) | Advisories | Fluid Attacks
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic2’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.
Hacking software for over 20 years
Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.