Unrestricted Upload of File with Dangerous Type Vulnerability Affects Salon Booking System
CVE-2024-30510
9.8 CRITICAL
Summary
The Salon Booking System is affected by a vulnerability that allows arbitrary file uploads. The issue arises from inadequate validation in the upload functionality, which lets unauthorized users upload potentially harmful files. Such uploads can lead to security breaches, including the execution of malicious scripts and the compromise of the server's integrity. Systems running versions up to and including 9.5 are affected and need patches and effective security measures to mitigate these risks.
Affected Version(s)
Salon booking system <= 9.5
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
stealthcopter (Patchstack Alliance)