CVE-2017-20071

MEDIUM

Hindu Matrimonial Script - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20071. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in the admin login page of Hindu Matrimonial Script, allowing authentication bypass using the payload 'or''='. It also lists direct access URLs for various admin functionalities without authentication.

Description

A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/41044

The exploit demonstrates an SQL injection vulnerability in the admin login page of Hindu Matrimonial Script, allowing authentication bypass using the payload 'or''='. It also lists direct access URLs for various admin functionalities without authentication.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Hindu Matrimonial Script
No auth needed
Prerequisites: Access to the admin login page
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/41044/
Third Party Advisory, VDB Entry x_refsource_misc
https://vuldb.com/?id.95411

Scores

CVSS v3 6.3
EPSS 0.0067
EPSS Percentile 47.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-269
Status published
Products (1)
hindu_matrimonial_script_project/hindu_matrimonial_script
Published Jun 21, 2022
Tracked Since Feb 18, 2026