Primary

Context

QuickDate SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in QuickDate version 1.3.2. This vulnerability allows remote attackers to manipulate database queries by injecting UNION-based SQL statements through the '_located' parameter in the find_matches endpoint. Exploitation of this vulnerability could lead to unauthorized access to database information, including user credentials, database name, and system version.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries to extract sensitive information from the database, such as user credentials and system details.

Reproduction

To reproduce this vulnerability, send a POST request to the '/find_matches' endpoint with the '_located' parameter. Inject a UNION-based SQL statement to extract database information. The response will include the injected data, confirming the successful exploitation of the SQL injection vulnerability.

Added: Feb 7, 2026, 12:27 AM

Updated: Feb 7, 2026, 12:27 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QuickDate SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating