Premiumdatingscript
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41695 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2021 | An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. . | ||
| CVE-2021-41694 | Cri | 0.64 | 9.8 | 0.01 | Dec 9, 2021 | An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | ||
| CVE-2021-41696 | Med | 0.42 | 6.5 | 0.01 | Dec 9, 2021 | An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php. | ||
| CVE-2021-41697 | Med | 0.40 | 6.1 | 0.01 | Dec 9, 2021 | A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script. |
- risk 0.64cvss 9.8epss 0.01
An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the ip parameter in connect.php. .
- risk 0.64cvss 9.8epss 0.01
An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.
- risk 0.42cvss 6.5epss 0.01
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.
- risk 0.40cvss 6.1epss 0.01
A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in assets/sources/instagram.php script.