What the vulnerability does
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse. This issue affects Booked: from n/a through <= 3.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H
Explanation of Vulnerability in Simple Terms
Booked versions 3.0.0 and earlier contain an authentication weakness that allows high-privileged users to read sensitive data and modify system settings. The vulnerability requires administrator-level access and does not involve user interaction. Confidentiality and availability are significantly impacted.
What an attacker can do
Read sensitive data and modify system settings with high-privilege account access.
Potential impact on your site
Administrators with compromised credentials can access confidential information and alter critical system configurations.
Conditions required to exploit
Attacker must have high-level administrative privileges on the Booked installation.