5.3

CVE-2022-0919

Exploit

EPSS 0.98%
Veröffentlicht 11.04.2022 15:15:08
Zuletzt bearbeitet 21.11.2024 06:39:40
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Data Disclosure

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.

Mögliche Gegenmaßnahme

Salon Booking System – Free Version: Update to version 7.6.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Salon Booking System – Free Version

Version *-7.6.2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Salonbookingsystem ≫ Salon Booking System SwPlatformwordpress Version < 7.6.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.98%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/a82ac1c9-e037-4afa-b433-2efef2e61403

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0919

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0919

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0919

EUVD