Lucene search
HistoryDec 28, 2023 - 12:15 p.m.
CVE-2023-50852
cve-2023-50852
improper neutralization
sql command
vulnerability
stylemixthemes booking calendar
appointment booking
bookit
version 2.4.3
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.3%
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in StylemixThemes Booking Calendar | Appointment Booking | BookIt.This issue affects Booking Calendar | Appointment Booking | BookIt: from n/a through 2.4.3.
Affected configurations
Node
stylemixthemesbookitRange<2.4.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| stylemixthemes | bookit | * | cpe:2.3:a:stylemixthemes:bookit:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2023-50852
2023-12-28 12:15:43
prion
prion
Sql injection
2023-12-28 12:15:00
cvelist
cvelist
wpvulndb
wpvulndb
BookIt < 2.4.4 - Authenticated(Administrator+) SQL Injection
2024-01-05 00:00:00
wordfence
wordfence
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
19.3%
Related for NVD:CVE-2023-50852