AzDGDatingPlatinum contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'id' variable upon submission to the view.php script. A user could create a specially crafted URL that executes arbitrary code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Azerbaijan Development Group AzDGDatingPlatinum 1.1.0
AzDGDatingPlatinum is reported prone to multiple vulnerabilities.
The following specific issues were identified:
- Multiple SQL-injection vulnerabilities. These issues could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
- A cross-site scripting issue. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
AzDGDatingPlatinum 1.1.0 is reported vulnerable. Other versions may be affected as well.
These issues can be exploited using a web client.
The following proof-of-concept URIs are available:
Currently we are not aware of any vendor-supplied patches for this issue.
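The advisory attributes both issue classes to request input that is used without validation. The following is an added example, not AzDGDatingPlatinum code and not part of the original advisory, showing how a PHP handler can validate 'id', bind it as a query parameter, and encode output. It assumes 'id' is a positive integer; the table, columns and function names are hypothetical.

```php
<?php
// Added example; not AzDGDatingPlatinum code. Assumptions: 'id' is a positive
// integer member id; the members table and all function names are hypothetical.

/** Return 'id' as an int, or null if it is missing or not a positive integer. */
function validated_id(array $query): ?int
{
    if (!isset($query['id']) || !is_string($query['id'])) {
        return null; // missing, or an array such as id[]=1
    }
    $id = filter_var($query['id'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Fetch one row using a bound parameter instead of string concatenation. */
function load_profile(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO members VALUES (7, 'Ann <b>Lee</b>')");

// Constructed sample values for the 'id' query parameter.
foreach (['7', '7abc', '<b>7</b>', '-3', '8'] as $raw) {
    $id = validated_id(['id' => $raw]);
    if ($id === null) {
        echo 'rejected: ', h($raw), PHP_EOL; // a real handler would send 400
        continue;
    }
    $row = load_profile($db, $id);
    echo "profile $id: ", h($row['name'] ?? 'not found'), PHP_EOL;
}
```

Only '7' and '8' pass validation; the stored name for id 7 is printed with its markup encoded, and id 8 reports "not found".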