PT-2021-21609 · Laravel · Laravel Booking System Booking Core

Published: 2021-10-04 · Updated: 2022-07-12 · CVE-2021-37331

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Laravel Booking System Booking Core version 2.0

Description

The issue allows unauthorized access to sensitive information. Specifically, on the Verifications page, after uploading an ID Card or Trade License and viewing it, an attacker can view the ID Cards and Trade Licenses of other vendors or users by modifying the URL.

Recommendations

For Laravel Booking System Booking Core version 2.0, consider restricting access to the Verifications page and ensuring proper validation of user input to prevent unauthorized access to sensitive information. As a temporary workaround, restrict the ability to view ID Cards and Trade Licenses of other vendors or users until a proper fix is implemented.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2021-37331

Affected Products

Laravel Booking System Booking Core