CVE-2021-37331

Published: Oct 4, 2021Modified: Jun 17, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.

Affected (1)

Products: Bookingcore: Booking Core

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bookingcore Booking Core	Version 2.0

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.navidkagalwalla.com/booking-core-vulnerabilities

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.navidkagalwalla.com/booking-core-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.