CVE-2024-4442 — Path Traversal in Salon Booking System

CWE-22 — Path Traversal CWE-459 — Incomplete Cleanup4 documents4 sources

Severity

9.1CRITICALNVD

CNA8.6

EPSS

33.7%

top 3.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Salonbookingsystem Salon Booking System Wordpresschef Salon Booking System Free Version

Timeline

PublishedMay 21

Latest updateNov 5

Description

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. This was partially patched in 9.9, and sufficiently patched in 10.0. CVE-2024-37231 appear…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5wordpresschef/salon_booking_system_free_version9.9

▶NVDsalonbookingsystem/salon_booking_system< 10.0

Patches

Patch: plugins.trac.wordpress.org ↗Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-rrv6-pjjr-4r3x: The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9↗2024-05-21

▶

CVEList

Salon booking system <= 9.9 - Unauthenticated Arbitrary File Deletion↗2024-05-21

▶

📋Vendor Advisories

Red Hat

kernel: thermal: intel: int340x: processor: Fix warning during module unload↗2024-11-05

▶