CVE-2024-37231 — Path Traversal in Salon Booking System

CWE-22 — Path Traversal3 documents3 sources

Severity

9.1CRITICALNVD

CNA8.6

EPSS

0.1%

top 65.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Salonbookingsystem Salon Booking System Salon Booking System Wordpresschef Salon Booking System Free Version

Timeline

PublishedJun 24

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶NVDsalonbookingsystem/salon_booking_system< 10.0

▶CVEListV5salon_booking_system/salon_booking_systemn/a — 9.9

▶CVEListV5wordpresschef/salon_booking_system_free_version9.9

🔴Vulnerability Details

GHSA

GHSA-ggxf-9p7h-xv59: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File↗2024-06-24

▶

CVEList

WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability↗2024-06-24

▶