PhpDatingClub 'search.php' Cross-Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

phpDatingClub is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. phpDatingClub 3.7 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/bid/35454

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2178, CVE-2009-2179

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

'research_display.php' SQL Injection Vulnerability
AVTECH DVR Multiple Vulnerabilities
b2Evolution title SQL Injection
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
AWStats configdir parameter arbitrary cmd exec

phpDatingClub 'search.php' Cross-Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities