{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25635", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-24T11:03:00.169Z", "datePublished": "2026-03-24T11:27:08.618Z", "dateUpdated": "2026-03-24T15:12:08.631Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-24T11:27:08.618Z"}, "datePublic": "2019-03-25T00:00:00.000Z", "title": "Zeeways Matrimony CMS Lastest SQL Injection via profile_list", "descriptions": [{"lang": "en", "value": "Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Zeeways", "product": "Zeeways Matrimony CMS", "versions": [{"version": "*", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46603", "name": "ExploitDB-46603", "tags": ["exploit"]}, {"url": "http://www.zeeways.com/matrimony-cms/4/productdetail", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: Zeeways Matrimony CMS Lastest SQL Injection via profile_list", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zeeways-matrimony-cms-lastest-sql-injection-via-profile-list"}], "credits": [{"lang": "en", "value": "Ahmet \u00dcmit BAYRAM", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:09:27.499190Z", "id": "CVE-2019-25635", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:12:08.631Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25635", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-24T11:03:00.169Z", "datePublished": "2026-03-24T11:27:08.618Z", "dateUpdated": "2026-03-24T15:12:08.631Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-24T11:27:08.618Z"}, "datePublic": "2019-03-25T00:00:00.000Z", "title": "Zeeways Matrimony CMS Lastest SQL Injection via profile_list", "descriptions": [{"lang": "en", "value": "Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89", "type": "CWE"}]}], "affected": [{"vendor": "Zeeways", "product": "Zeeways Matrimony CMS", "versions": [{"version": "*", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46603", "name": "ExploitDB-46603", "tags": ["exploit"]}, {"url": "http://www.zeeways.com/matrimony-cms/4/productdetail", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: Zeeways Matrimony CMS Lastest SQL Injection via profile_list", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/zeeways-matrimony-cms-lastest-sql-injection-via-profile-list"}], "credits": [{"lang": "en", "value": "Ahmet \u00dcmit BAYRAM", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25635", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:09:27.499190Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:09:28.520Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zeeways:matrimony_cms:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4F28E74-FC06-4480-8DD1-11E4A59A6453", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques."}, {"lang": "es", "value": "Zeeways Matrimony CMS contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL que permiten a atacantes no autenticados manipular consultas a la base de datos a trav\u00e9s del endpoint profile_list. Los atacantes pueden inyectar c\u00f3digo SQL a trav\u00e9s de los par\u00e1metros up_cast, s_mother y s_religion para extraer informaci\u00f3n sensible de la base de datos utilizando t\u00e9cnicas basadas en tiempo o basadas en errores."}], "id": "CVE-2019-25635", "lastModified": "2026-04-15T15:31:48.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-24T12:16:04.203", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Broken Link"], "url": "http://www.zeeways.com/matrimony-cms/4/productdetail"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46603"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/zeeways-matrimony-cms-lastest-sql-injection-via-profile-list"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Zeeways Matrimony CMS", "source": "cna", "vendor": "Zeeways"}, "product": "zeeways_matrimony_cms", "vendor": "zeeways"}], "analysis": {"en": {"generated_at": "2026-03-24T12:23:38.706035+00:00", "value": {"mitigation_remediation": ["Check for and apply any vendor\u2011released patch or update for Zeeways Matrimony CMS that addresses the profile_list injection flaw.", "If no patch is available, restrict network access to the profile_list endpoint by firewall rules or IP whitelisting to limit potential attackers.", "Implement input validation or parameterized queries to eliminate unsanitized SQL concatenation in the affected code paths.", "Deploy a web application firewall with rules tuned to detect and block SQL injection patterns targeting these parameters.", "Monitor incoming traffic and application logs for signs of injection attempts and conduct regular vulnerability scans."], "summary": {"action": "Assess Impact", "impact": "Sensitive data disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Zeeways Matrimony CMS provided by Zeeways. Documentation does not specify any restricted product versions, indicating that all installations exposing the profile_list endpoint are potentially vulnerable. Administrators should verify whether their system uses this module and whether any mitigations were applied by the vendor.", "description_and_impact": "Unvalidated user input in the profile_list endpoint of Zeeways Matrimony CMS permits an unauthenticated attacker to inject arbitrary SQL via the up_cast, s_mother, and s_religion parameters. This flaw enables extraction of confidential database contents through time\u2011based or error\u2011based techniques, allowing the attacker to read sensitive information such as user credentials, personal data, and other confidential records. The weakness represents a classic SQL injection (CWE\u201189) that directly compromises data confidentiality.", "risk_and_exploitability": "With a CVSS score of 8.8, the flaw is considered high severity. No EPSS score is listed, but the vulnerability is publicly known, and the exploit is straightforward: an unauthenticated web request to the site can trigger the injection without additional permissions or complex setup. The attack vector is inferred to be remote over the network, as the endpoint is exposed via HTTP. Because the flaw is not listed in KEV, the exploitation level might still be low, yet the inherent confidentiality risk and ease of exploitation warrant immediate attention."}}}}, "created": "2026-03-25T11:48:38.547158+00:00", "updated": "2026-03-25T20:39:36.033473+00:00", "vendors": ["zeeways", "zeeways$PRODUCT$zeeways_matrimony_cms"]}