CVE-2019-25635

Published: Mar 24, 2026

Modified: Mar 24, 2026

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques.

Vendor	Product	Versions
Zeeways	Zeeways Matrimony CMS	affected `*`

Weaknesses (CWE)

CWE-89

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

References

ExploitDB-46603

exploit

Official Product Homepage

product

VulnCheck Advisory: Zeeways Matrimony CMS Lastest SQL Injection via profile_list

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-25635

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References