Globaldatingsoftware: Security Vulnerabilities
An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-09
An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. .
CVSS Score
9.8
EPSS Score
0.003
Published
2021-12-09
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-12-09
A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-09