vendor:
Entrepreneur Dating Script
by:
Borna nematzadeh (L0RD)
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Entrepreneur Dating Script
Affected Version From: 2.0.2
Affected Version To: 2.0.2
Patch Exists: NO
Related CWE: N/A
CPE: a:phpscriptsmall:entrepreneur_dating_script:2.0.2
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: None
2018
Entrepreneur Dating Script 2.0.2 – Authentication Bypass
With this exploit, attacker can login as any user without any authentication. To exploit, attacker must go to the login page and enter any username and ' or 'x'='x as the password.
Mitigation:
Ensure that authentication is properly implemented and that user input is properly validated.
