Incorrect Access Control in Laravel Booking System Booking Core 2.0: Unauthorized Access to Vendor/User ID Cards and Trade Licenses

Incorrect Access Control in Laravel Booking System Booking Core 2.0: Unauthorized Access to Vendor/User ID Cards and Trade Licenses

CVE-2021-37331 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.

Learn more about our User Device Pen Test.