Description

Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.

Related CPE's

a

bookingcore

booking_core

2.0

Vulnerable

References

https://www.navidkagalwalla.com/booking-core-vulnerabilities

ExploitThird Party Advisory

https://www.navidkagalwalla.com/booking-core-vulnerabilities

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-639

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-04T12:15:07.433Z

4 years ago

Last modified

2024-11-21T05:14:58.093Z

1 year ago