CVE-2021-37331

{"id": "CVE-2021-37331", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-10-04T14:15:07.433", "references": [{"url": "https://www.navidkagalwalla.com/booking-core-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.navidkagalwalla.com/booking-core-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL."}, {"lang": "es", "value": "Laravel Booking System Booking Core versi\u00f3n 2.0, es vulnerable a un Control de Acceso Incorrecto. En la p\u00e1gina de Verificaciones, despu\u00e9s de subir un DNI o Licencia Comercial y visualizarlo, pueden visualizarse los DNI y Licencias Comerciales de otros vendedores/usuarios cambiando la URL"}], "lastModified": "2024-11-21T06:14:58.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bookingcore:booking_core:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9476082F-B54F-46BB-9016-DF83BC0CCA08"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}