CVE-2021-41696

MEDIUM

Globaldatingsoftware Premiumdatingscript - Authentication Bypass

Title source: rule

Description

An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7 due to a weak password reset mechanism in requests\user.php.

References (1)

[Exploit, Third Party Advisory] https://www.chudamax.com/posts/multiple-vulnerabilities-in-belloo-dating-script/

Scores

CVSS v3 6.5

EPSS 0.0018

EPSS Percentile 39.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-521

Status published

Products (1)

globaldatingsoftware/premiumdatingscript 4.2.7.7

Published Dec 09, 2021

Tracked Since Feb 18, 2026