Lucene search

[email protected]CVE-2023-24373

HistoryJun 03, 2024 - 10:15 p.m.

CVE-2023-24373

2024-06-0322:15:09

CWE-472

[email protected]

web.nvd.nist.gov

cve-2023-24373

nvd

security document

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3.

Affected configurations

Vulners

Node

wpdevartbooking_calendarRange≤3.2.3

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "booking-calendar",
    "product": "Booking calendar, Appointment Booking System",
    "vendor": "WpDevArt",
    "versions": [
      {
        "changes": [
          {
            "at": "3.2.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.2.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/booking-calendar/wordpress-booking-calendar-appointment-booking-system-plugin-3-2-3-bypass-vulnerability?_s_id=cve

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-24373

nvd1 cvelist1 vulnrichment1