What the vulnerability does
01Description
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Salon booking system <= 10.30.25 versions.
Explanation of Vulnerability in Simple Terms
The Salon booking system fails to properly check user permissions before allowing access to booking data and administrative functions. An attacker on the network can read sensitive information without logging in. This affects all versions up to 10.30.25. Update to a version newer than 10.30.25 when available.
What an attacker can do
Read booking data and other sensitive information without authentication.
Potential impact on your site
Customer booking records, contact details, and payment info may be exposed to anyone on the internet.
Conditions required to exploit
Network access to the salon booking system; no login required.
Key dates
External resources
Related vulnerabilities