Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41694 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2021-12-14 | 5.0 MEDIUM | 9.8 CRITICAL |
An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | |||||
CVE-2021-41695 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2021-12-14 | 7.5 HIGH | 9.8 CRITICAL |
An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. . | |||||
CVE-2021-41696 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2021-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. | |||||
CVE-2021-41697 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2021-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script. |