index.php in aeDating 3.2 allows remote malicious users to include arbitrary files via the skin parameter.
aewebworks aedating 3.2