CVE-2021-41694

Critical

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.

mitre·CWE-330·Published 2021-12-09

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

135 chars

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.

NVDen

135 chars

An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php.

Se presenta una vulnerabilidad de Control de Acceso Incorrecto en Premiumdatingscript versión 4.2.7.7, por medio del procedimiento de cambio de contraseña en el archivo requests\user.php

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H