Описание
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:bookingcore:booking_core:2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00213
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.
EPSS
Процентиль: 44%
0.00213
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639