What the vulnerability does
01Description
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
Explanation of Vulnerability in Simple Terms
Simply Schedule Appointments versions up to 1.6.9.27 contain a SQL injection vulnerability that allows unauthenticated attackers to read sensitive data from the database. The vulnerability requires no user interaction and can be exploited over the network. An attacker can extract database contents including user information and configuration data.
What an attacker can do
Read sensitive data from the site's database without authentication.
Potential impact on your site
Attackers can extract user data, credentials, and other sensitive information stored in your database.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities