CVE-2023-38520 - OpenCVE

External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://patchstack.com/database/vulnerability/booking-system/wordpress-pinpoint-booking-system-plugin-2-9-9-3-4-parameter-tampering?_s_id=cve

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-04T07:13:28.609Z

Updated: 2024-06-04T07:13:28.609Z

Reserved: 2023-07-18T17:33:34.155Z

Link: CVE-2023-38520

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-04T08:15:08.787

Modified: 2024-06-04T16:57:41.053

Link: CVE-2023-38520

JSON object: View

Redhat Information

No data.

CWE

CWE-472

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38520", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-07-18T17:33:34.155Z", "datePublished": "2024-06-04T07:13:28.609Z", "dateUpdated": "2024-06-04T07:13:28.609Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "booking-system", "product": "Pinpoint Booking System", "vendor": "PINPOINT.WORLD", "versions": [{"changes": [{"at": "2.9.9.3.5", "status": "unaffected"}], "lessThanOrEqual": "2.9.9.3.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "yuyudhn (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.<p>This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4.</p>"}], "value": "External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4."}], "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-472", "description": "CWE-472 External Control of Assumed-Immutable Web Parameter", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-04T07:13:28.609Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/booking-system/wordpress-pinpoint-booking-system-plugin-2-9-9-3-4-parameter-tampering?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 2.9.9.3.5 or a higher version."}], "value": "Update to 2.9.9.3.5 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}