PT-2023-30732 · Unknown · Availability Booking Calendar
Published 2023-12-06 · Updated 2023-12-11
CVE-2023-48207
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Availability Booking Calendar version 5.0
Description
The issue allows CSV injection via the unique ID field in the Reservations list component.
Recommendations
For Availability Booking Calendar version 5.0, consider restricting access to the Reservations list component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the unique ID field in the Reservations list component.
Affected Products
Availability Booking Calendar