PT-2021-23378 · Unknown · Premiumdatingscript
Maksim Chudakov
Published: 2021-12-09 · Updated: 2023-08-08
CVE-2021-41694
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Premiumdatingscript version 4.2.7.7
Description
An issue exists due to incorrect access control in the password change procedure. This issue is specifically found in the requestsuser.php file.
Recommendations
For Premiumdatingscript version 4.2.7.7, consider restricting access to the password change procedure in requestsuser.php until a fix is available. As a temporary workaround, review and limit the use of the password change functionality to minimize potential exploitation.
Exploit
Fix
Use of Insufficiently Random Values
Weakness Enumeration
Related Identifiers
Affected Products
Premiumdatingscript