CVE-2021-41694

CVE-2021-41694 affects Premiumdatingscript 4.2.7.7, with an Incorrect Access Control condition exposed through the password change procedure in requests\user.php. The vulnerability enables improper access control to the password change flow, as described in multiple sources (Red Hat, CNVD/CNNVD, ...

CVE-2021-41696

The CVE-2021-41696 entry concerns Premiumdatingscript 4.2.7.7, where an authentication bypass/account takeover arises from a weak password reset mechanism in requests\user.php. This vulnerability enables bypassing authentication without user interaction,典ically allowing unauthorized access and po...

CVE-2021-41697

A reflected Cross Site Scripting (XSS) vulnerability exists in Belloo/Premiumdatingscript around version 4.2.7.7, exploitable via the aerror_description parameter in assets/sources/instagram.php. Sources in CNVD/CNNVD/Red Hat/CVE listings describe a client-side JavaScript execution risk due to in...

CVE-2021-41695

CVE-2021-41695 affects Premiumdatingscript 4.2.7.7, with the vulnerability occurring via the ip parameter in connect.php. The issue is an SQL injection caused by unsafely handling external input, potentially allowing an attacker to execute arbitrary SQL commands and access sensitive data. The con...