8 matches found
Belloo Permissions and Access Control Issues Vulnerability
Belloo, a "high quality" dating software from Belloo, is vulnerable to permission and access control issues due to a weak password reset mechanism in requestsuser.php, which could be exploited to bypass authentication vulnerabilities and take over an account...
Belloo Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in versions of Belloo prior to 4.2.7.7, which allows attackers to filter user-supplied data and output data via the aerror description parameter in the assets/sources/instagram.php script. description parameter in the assets/sources/instagram.php script...
Belloo Access Control Error Vulnerability
Belloo, a "high quality" dating software from Belloo, is vulnerable to an access control error that originates from the use of md5$time to generate password recovery code in requestsuser.php. An attacker could use this vulnerability to predict the time value on the server and could easily guess t...
Belloo SQL Injection Vulnerability
Belloo, a "high quality" dating software from Belloo, is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the ip parameter of connect.php, and can be exploited to execute illegal SQL commands to steal sensitive data from the database. sensitiv...
Belloo 权限许可和访问控制问题漏洞
Belloo, a "high quality" dating software from Belloo, is vulnerable to permission and access control issues due to a weak password reset mechanism in requestsuser.php, which could be exploited to bypass authentication vulnerabilities and take over an account...
Belloo 跨站脚本漏洞
A cross-site scripting vulnerability exists in versions of Belloo prior to 4.2.7.7, which allows attackers to filter user-supplied data and output data via the aerror description parameter in the assets/sources/instagram.php script. description parameter in the assets/sources/instagram.php script...
Belloo SQL注入漏洞
Belloo, a "high quality" dating software from Belloo, is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the ip parameter of connect.php, and can be exploited to execute illegal SQL commands to steal sensitive data from the database. sensitiv...
Belloo 安全特征问题漏洞
Belloo, a "high quality" dating software from Belloo, is vulnerable to an access control error that originates from the use of md5$time to generate password recovery code in requestsuser.php. An attacker could use this vulnerability to predict the time value on the server and could easily guess t...