5 matches found
CVE-2006-4870
CVE-2006-4870 describes multiple PHP remote file inclusion vulnerabilities in AEDating 4.1 (and possibly earlier). A remote attacker can execute arbitrary PHP code by supplying a URL in the dir[inc] parameter targeting inc/design.inc.php or inc/admin_design.inc.php. The vulnerability’s impact is ...
CVE-2006-3279
CVE-2006-3279 describes a cross-site scripting (XSS) vulnerability in aeDating 4.1. The affected application exposes three vulnerable input points: the Sex parameter in index.php, the ProfileType parameter in join_form.php, and the Email parameter in forgot.php. These allow remote attackers to in...
CVE-2005-1083
CVE-2005-1083 concerns index.php in aeDating 3.2, where an attacker can remotely include arbitrary files via the skin parameter. This is a plain file inclusion vulnerability and results in arbitrary file inclusion. Context from multiple sources (NVD/Red Hat/CVE records) confirms the affected prod...
CVE-2005-2985
The CVE refers to a SQL injection vulnerability in AEwebworks aeDating Script 4.0 and earlier, exploitable via the Country parameter in search_result.php. The root cause is unsanitized user input leading to arbitrary SQL execution; affected product versions are aeDating Script 4.0 and earlier. Im...
CVE-2005-1084
The CVE describes an SQL injection in aeDating 3.2 involving sdating.php where the event parameter can be exploited by remote attackers to execute arbitrary SQL commands. Affected component: sdating.php within aeDating 3.2. Root cause: improper handling/sanitization of the event parameter leading...