Lucene search

WpvulndbWPVDB-ID:7DD8E1B2-B56A-431F-AA3C-4D17427A6841

HistoryMay 20, 2024 - 12:00 a.m.

Salon booking system < 10.0 - Unauthenticated Arbitrary File Deletion

2024-05-2000:00:00

wpscan.com

salon booking system

wordpress

arbitrary file deletion

unauthenticated

vulnerable

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

Percentile

15.5%

JSON

Description The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. This was partially patched in 9.9, and sufficiently patched in 10.0.

References

www.wordfence.com/threat-intel/vulnerabilities/id/eaafeadd-f44c-49b1-b900-ef40800c629e

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for WPVDB-ID:7DD8E1B2-B56A-431F-AA3C-4D17427A6841