What the vulnerability does
01 Description
Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Privilege Escalation. This issue affects Salon booking system: from n/a through < 10.15.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
The Salon booking system contains an improper access control vulnerability affecting versions up to 10.15. An authenticated administrator can read, modify, or delete sensitive data and system settings without proper authorization checks. The vulnerability requires high-level privileges to exploit but grants unrestricted access to confidential information and system integrity.
What an attacker can do
Read, modify, or delete sensitive data and system settings with administrator access.
Potential impact on your site
Administrators can access and alter data beyond their intended scope, risking data breaches and system misconfiguration.
Conditions required to exploit
Attacker must have administrator-level credentials for the Salon booking system.