Maksim Chudakov

**Name of the Vulnerable Software and Affected Versions** Premiumdatingscript version 4.2.7.7 **Description** An issue exists due to incorrect access control in the password change procedure. This issue is specifically found in the `requestsuser.php` file. **Recommendations** For Premiumdatingscript version 4.2.7.7, consider restricting access to the password change procedure in `requestsuser.php` until a fix is available. As a temporary workaround, review and limit the use of the password change functionality to minimize potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Premiumdatingscript version 4.2.7.7 **Description** An SQL Injection issue exists via the `ip` parameter in `connect.php`. **Recommendations** For Premiumdatingscript version 4.2.7.7, consider restricting access to the `connect.php` file or validating the `ip` parameter to prevent SQL injection attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Premiumdatingscript version 4.2.7.7 **Description** An authentication bypass issue exists due to a weak password reset mechanism in requestsuser.php, potentially allowing account takeover. **Recommendations** For Premiumdatingscript version 4.2.7.7, consider disabling the password reset mechanism in requestsuser.php until a patch is available. Restrict access to the user.php file to minimize the risk of exploitation. Avoid using the weak password reset mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Premiumdatingscript version 4.2.7.7 **Description** A reflected Cross Site Scripting (XSS) issue exists via the `aerror description` parameter in the assets/sources/instagram.php script. This allows for potential malicious script execution. **Recommendations** For Premiumdatingscript version 4.2.7.7, consider restricting access to the `aerror description` parameter in the assets/sources/instagram.php script until a patch is available. As a temporary workaround, avoid using the `aerror description` parameter in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.