Perceptive Security
SOC/SIEM Consultancy
Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting…
Published:
23 March 2026 at 23:00:00
Alert date:
24 March 2026 at 16:16:53
Source:
nvd.nist.gov
Web Technologies, Database & Storage
CVE-2019-25639 affects Matrimony Website Script M-Plus with multiple SQL injection vulnerabilities. Unauthenticated attackers can manipulate database queries by injecting SQL code through various POST parameters including txtGender, religion, Fage, and cboCountry. The vulnerabilities exist across multiple PHP files: simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php. Attackers can extract sensitive database information or execute arbitrary SQL commands. The vulnerability allows complete database compromise without authentication requirements.
Technical details
Mitigation steps:
Affected products:
Matrimony Website Script M-Plus
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2019-25639
https://www.exploit-db.com/exploits/46591
https://www.matri4web.com
https://www.vulncheck.com/advisories/matrimony-website-script-m-plus-multiple-sql-injection
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.