Lucene search
Hussien MisbahWPVDB-ID:8A7BD9F6-2789-474B-A237-01C643FDFBA7HistoryDec 07, 2022 - 12:00 a.m.
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
2022-12-0700:00:00
Hussien Misbah
wpscan.com
13
bookingpress plugin
unauthenticated
idor
vulnerability
appointment_id
insecure direct object reference
thank you page
query parameter
information disclosure
poc
curl
base64
host
service
datetime
customer
software.
EPSS
0.001
Percentile
40.5%
The plugin suffers from an Insecure Direct Object Reference (IDOR) vulnerability in it’s thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter.
PoC
curl -s “http://host/thank-you/?appointment_id=$(echo 2 | base64 )” | grep “(service|datetime|customer)” changing the number reveals the customer name tied to this appointment if there is no result then this appointment is not reversed yet.
Related
wpexploit
wpexploit
BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
2022-12-07 00:00:00
cve
cve
CVE-2022-4340
2023-01-02 22:15:17
nvd
nvd
CVE-2022-4340
2023-01-02 22:15:17
cvelist
cvelist
CVE-2022-4340 BookingPress < 1.0.31 - Unauthenticated IDOR in appointment_id
2023-01-02 21:49:16
prion
prion
Information disclosure
2023-01-02 22:15:00