Описание
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:globaldatingsoftware:premiumdatingscript:4.2.7.7:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00178
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-521
Связанные уязвимости
github
около 4 лет назад
An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.
EPSS
Процентиль: 39%
0.00178
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-521