Belloo, a βhigh qualityβ dating software from Belloo, is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the ip parameter of connect.php, and can be exploited to execute illegal SQL commands to steal sensitive data from the database. sensitive data.