Description
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by 41.w4r10r · textwebappsphp
https://www.exploit-db.com/exploits/12438
exploitdb
WRITEUP
VERIFIED
by EllipSiS Security · textwebappsphp
https://www.exploit-db.com/exploits/28094
exploitdb
WRITEUP
VERIFIED
by EllipSiS Security · textwebappsphp
https://www.exploit-db.com/exploits/28096
exploitdb
WRITEUP
VERIFIED
by EllipSiS Security · textwebappsphp
https://www.exploit-db.com/exploits/28095
exploitdb
WRITEUP
VERIFIED
by EllipSiS Security · textwebappsphp
https://www.exploit-db.com/exploits/28093
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438245/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1163
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2512
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18605
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27383
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20802
Scores
EPSS
0.0060
EPSS Percentile
69.5%
Details
Status
published
Products (2)
softbiz/dating_script
1.0
softbizscripts/dating_script
1.0
Published
Jun 28, 2006
Tracked Since
Feb 18, 2026