What the vulnerability does
01Description
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Booking Package <= 1.7.06 versions.
Explanation of Vulnerability in Simple Terms
Booking Package versions up to 1.7.06 lack proper authorization checks, allowing unauthenticated attackers to modify booking data over the network. The vulnerability does not expose sensitive information but can alter records without authentication. Site administrators should update to a version newer than 1.7.06 immediately.
What an attacker can do
Modify booking records without logging in or providing credentials.
Potential impact on your site
Attackers can alter or corrupt booking data, potentially disrupting reservations and customer records.
Conditions required to exploit
Network access to the Booking Package application; no authentication required.
Key dates
External resources
Related vulnerabilities