CVE-2009-4700

Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter.

CVE-2009-4699

Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.