PT-2021-23380 · Unknown · Premiumdatingscript

Maksim Chudakov

Published

2021-12-09

Updated

2021-12-14

CVE-2021-41696

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Premiumdatingscript version 4.2.7.7

Description An authentication bypass issue exists due to a weak password reset mechanism in requestsuser.php, potentially allowing account takeover.

Recommendations For Premiumdatingscript version 4.2.7.7, consider disabling the password reset mechanism in requestsuser.php until a patch is available. Restrict access to the user.php file to minimize the risk of exploitation. Avoid using the weak password reset mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-521

Related Identifiers

CVE-2021-41696

Affected Products

Premiumdatingscript

PT-2021-23380 · Unknown · Premiumdatingscript

CVE-2021-41696

Weakness Enumeration

Related Identifiers

Affected Products

References · 5