Aewebworks » Aedating : Security Vulnerabilities, CVEs,

CVE-2006-4870

Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
Max CVSS
7.5
EPSS Score
14.73%
Published
2006-09-19
Updated
2017-10-19

CVE-2006-3279

Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php.
Max CVSS
4.3
EPSS Score
0.62%
Published
2006-06-28
Updated
2018-10-18

CVE-2005-2985

SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2005-09-20
Updated
2017-07-11

CVE-2005-1084

SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2005-05-02
Updated
2008-09-05

CVE-2005-1083

index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter.
Max CVSS
5.0
EPSS Score
0.14%
Published
2005-05-02
Updated
2008-09-05
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close