Lucene search
Huli from CymetricsWPEX-ID:E8F32E0B-4A89-460B-BB78-7C83EF5E16B4HistoryMar 21, 2022 - 12:00 a.m.
Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
2022-03-2100:00:00
Huli from Cymetrics
256
salon booking system
unauthenticated
sensitive data disclosure
api
search feature
email
phone
exploit
EPSS
0.001
Percentile
41.1%
The plugin does not have proper authorisation when searching bookings, allowing any unauthenticated users to search other’s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.
Although the API only returns the name of customer, the search feature can be abused to leak email and phone, for example, search "a@", "b@", "c@"... to determine email address char by char.
curl -X POST https://example.com/wp-admin/admin-ajax.php -d 'action=salon&day=2022-03-11&search=%40&method=SearchBookings'Related
cve
cve
CVE-2022-0919
2022-04-11 15:15:08
prion
prion
Design/Logic Flaw
2022-04-11 15:15:00
wpvulndb
wpvulndb
Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
2022-03-21 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2022-0919
2022-04-11 15:15:08