Belloo, a βhigh qualityβ dating software from Belloo, is vulnerable to an access control error that originates from the use of md5($time) to generate password recovery code in requestsuser.php. An attacker could use this vulnerability to predict the time value on the server and could easily guess the code using a brute-force method.