Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting…

CVE-2019-25639 affects Matrimony Website Script M-Plus with multiple SQL injection vulnerabilities. Unauthenticated attackers can manipulate database queries by injecting SQL code through various POST parameters including txtGender, religion, Fage, and cboCountry. The vulnerabilities exist across multiple PHP files: simplesearch_results.php, advsearch_results.php, specialcase_results.php, locational_results.php, and registration2.php. Attackers can extract sensitive database information or execute arbitrary SQL commands. The vulnerability allows complete database compromise without authentication requirements.