CVE-2017-20075

MEDIUM

Hindu Matrimonial Script - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20075. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in the admin login page of Hindu Matrimonial Script, allowing authentication bypass using the payload 'or''='. It also lists direct access URLs for various admin functionalities without authentication.

Description

A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/41044

The exploit demonstrates an SQL injection vulnerability in the admin login page of Hindu Matrimonial Script, allowing authentication bypass using the payload 'or''='. It also lists direct access URLs for various admin functionalities without authentication.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Hindu Matrimonial Script
No auth needed
Prerequisites: Access to the admin login page
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/41044/
Permissions Required, Third Party Advisory, VDB Entry x_refsource_misc
https://vuldb.com/?id.95415

Scores

CVSS v3 6.3
EPSS 0.0067
EPSS Percentile 47.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-269
Status published
Products (1)
hindu_matrimonial_script_project/hindu_matrimonial_script
Published Jun 21, 2022
Tracked Since Feb 18, 2026