CVE-2022-0919
Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.
Los plugins Salon booking system Free y pro de WordPress versiones anteriores a 7.6.3, no presentan la autorización apropiada cuando buscan reservas, lo que permite a cualquier usuario no autenticado buscar las reservas de otros, así como recuperar información confidencial sobre las reservas, como el nombre completo, el correo electrónico y el número de teléfono de la persona que las reservó
*Credits:
Huli from Cymetrics
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-03-10 CVE Reserved
- 2022-03-21 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-11-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/e8f32e0b-4a89-460b-bb78-7c83ef5e16b4 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Salonbookingsystem Search vendor "Salonbookingsystem" | Salon Booking System Search vendor "Salonbookingsystem" for product "Salon Booking System" | < 7.6.3 Search vendor "Salonbookingsystem" for product "Salon Booking System" and version " < 7.6.3" | wordpress |
Affected
| ||||||