What the vulnerability does
01Description
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
Explanation of Vulnerability in Simple Terms
Booking and Rental Manager through version 2.7.1 lacks proper authorization checks, allowing unauthenticated attackers to modify data via network requests. The vulnerability does not expose sensitive information or disrupt availability, but permits unauthorized changes to booking or rental records. Site administrators should update to a version newer than 2.7.1 as soon as available.
What an attacker can do
Modify booking or rental data without authentication.
Potential impact on your site
Attackers can alter bookings, reservations, or rental records without logging in.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources