CVE-2021-37331

Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.
References
Link Resource
https://www.navidkagalwalla.com/booking-core-vulnerabilities Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bookingcore:booking_core:2.0:*:*:*:*:*:*:*

History

12 Jul 2022, 17:42

Type Values Removed Values Added
CWE CWE-287 CWE-639

12 Oct 2021, 19:35

Type Values Removed Values Added
CPE cpe:2.3:a:bookingcore:booking_core:2.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
CWE CWE-287
References (MISC) https://www.navidkagalwalla.com/booking-core-vulnerabilities - (MISC) https://www.navidkagalwalla.com/booking-core-vulnerabilities - Exploit, Third Party Advisory

04 Oct 2021, 14:41

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-04 14:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-37331

Mitre link : CVE-2021-37331

CVE.ORG link : CVE-2021-37331


JSON object : View

Products Affected

bookingcore

  • booking_core
CWE
CWE-639

Authorization Bypass Through User-Controlled Key