Intrusion Prevention

AEwebworks.aeDating.SearchResult.SQL.Injection

Description

It indicates a possible exploit of SQL injection vulnerability in search_result.php in AEwebworks aeDating Script that may allow remote attackers to execute arbitrary SQL statements via the Country parameter. This is due application failure to sanitize user-supplied input before it is used in an SQL query. An attacker may exploit this issue and compromise application and underlying database.

Affected Products

AEwebworks Dating Software aeDating 4.0 and 3.2.

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor if available.

CVE References

CVE-2005-2985