Description
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands.
Published: 2026-03-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection with potential data exfiltration
Action: Apply Patch
AI Analysis

Impact

The M‑Plus edition of the Matri4Web Matrimony Website Script contains several unsanitized POST parameters that enable attackers to inject arbitrary SQL code. Unauthenticated users can supply malicious payloads in fields such as txtGender, religion, Fage, and cboCountry across numerous result pages and the registration script. Because the script directly interpolates these values into database queries, attackers could extract sensitive user data or execute arbitrary SQL commands, leading to data theft or modification.

Affected Systems

The affected application is the Matri4Web Matrimony Website Script, version information is not supplied in the advisory. The vulnerability exists in the result‑generation and registration components (simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, registration2.php). Users running any deployment of this script are potentially exposed unless they have applied a vendor update.

Risk and Exploitability

The CVSS score is 8.8, indicating high severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the lack of authentication requirements makes exploitation straightforward over the Internet. Attackers likely use standard web‑based POST requests to deliver the payload, which can immediately compromise confidentiality and integrity of the underlying database.

Generated by OpenCVE AI on March 24, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor's website for an updated version or security patch, and apply it immediately.
  • If an official patch is unavailable, replace or remove the vulnerable PHP files (simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, registration2.php) and update the code to use parameterized queries or stored procedures.
  • Implement input validation or use a web application firewall to block malicious SQL payloads.
  • Monitor web logs for unusual POST activity and regularly audit the database for unauthorized changes.

Generated by OpenCVE AI on March 24, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Matri4web
Matri4web matrimony Website Script
Vendors & Products Matri4web
Matri4web matrimony Website Script

Tue, 24 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
Description Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, and cboCountry across simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php to extract sensitive database information or execute arbitrary SQL commands.
Title Matrimony Website Script M-Plus Multiple SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Matri4web Matrimony Website Script
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T13:08:12.060Z

Reserved: 2026-03-24T11:03:44.645Z

Link: CVE-2019-25639

cve-icon Vulnrichment

Updated: 2026-03-24T13:04:51.897Z

cve-icon NVD

Status : Deferred

Published: 2026-03-24T12:16:04.983

Modified: 2026-04-15T15:00:32.790

Link: CVE-2019-25639

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:39:32Z

Weaknesses