Intrusion Prevention

AJDating.Viewprofile.PHP.SQL.Injection

Description

This indicates an attack attempt against an SQL-injection vulnerability in view_profile.php in AJDating.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL. It allows a remote attacker to execute arbitrary SQL commands via the user_id parameter.

Affected Products

AJ Square AJ Dating 1.0

Impact

System Compromise

Recommended Actions

Update to the latest versions:
http://www.ajsquare.com/products/dating/index.php?dat=1

CVE References

CVE-2007-1297