Platform
wordpress
Component
salon-booking-system
Fixed in
9.9.1
CVE-2024-37231 describes an Arbitrary File Access vulnerability within the Salon Booking System. Because of improper input validation, this flaw could allow an attacker to read sensitive files on the server. The vulnerability impacts versions of the Salon Booking System up to 9.9, and a patch is available in version 9.9.1.
The Arbitrary File Access vulnerability allows an attacker to bypass intended security restrictions and access files outside of the intended directory. This could lead to the exposure of sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could result in a complete compromise of the system, allowing an attacker to gain unauthorized access and potentially execute arbitrary code. The impact is amplified if the server hosts other sensitive applications or data.
CVE-2024-37231 was publicly disclosed on 2024-06-24. Currently, there are no known public proof-of-concept exploits available. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any updates regarding active exploitation campaigns.
Exploit Status
EPSS
0.14% (34th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-37231 is to upgrade the Salon Booking System to version 9.9.1 or later, which contains the fix for this vulnerability. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting file access permissions on the server or implementing a Web Application Firewall (WAF) with rules to block path traversal attempts. Regularly review and update file access controls to minimize the potential impact of this vulnerability.
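The workaround above mentions WAF rules for path traversal attempts; the same check is useful for triaging existing access logs. The following is an added detection example, not code from the advisory or the plugin: it parses combined-format web-server log lines, repeatedly percent-decodes each request target (to catch double encoding), and flags requests that aim a `..` segment at the salon-booking-system plugin directory. The log lines and the `example.php?file=` endpoint are constructed samples, not a known exploit path for CVE-2024-37231.

```python
# Added example (not from the advisory or the plugin): flag HTTP requests that
# aim path-traversal sequences at the salon-booking-system plugin directory.
# Assumes Apache/nginx "combined" access-log lines; the request targets below
# are constructed samples, not a known exploit for CVE-2024-37231.
import re
from urllib.parse import unquote

PLUGIN_PATH = "/wp-content/plugins/salon-booking-system/"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A '..' segment delimited by a slash, '=', '&', '?' or string boundary.
DOTDOT_RE = re.compile(r'(^|[/=&?])\.\.(/|$|&|\?)')


def decode_target(target: str) -> str:
    """Percent-decode repeatedly (bounded) to defeat double encoding, then unify slashes."""
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def is_traversal(target: str) -> bool:
    """True if the decoded path or query carries a '..' segment or a NUL byte."""
    decoded = decode_target(target)
    return "\x00" in decoded or DOTDOT_RE.search(decoded) is not None


def flag_plugin_traversal(log_lines):
    """Return (ip, status, raw_target) for traversal attempts against the plugin path."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        target = m.group("target")
        if PLUGIN_PATH in decode_target(target).lower() and is_traversal(target):
            hits.append((m.group("ip"), m.group("status"), target))
    return hits


# Constructed sample log: one benign asset request, one plain and one double-encoded traversal.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jun/2024:10:15:32 +0000] "GET /wp-content/plugins/salon-booking-system/assets/app.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Jun/2024:10:16:01 +0000] "GET /wp-content/plugins/salon-booking-system/example.php?file=../../../wp-config.php HTTP/1.1" 200 2210 "-" "curl/8.0"',
    '198.51.100.7 - - [24/Jun/2024:10:16:05 +0000] "GET /wp-content/plugins/salon-booking-system/example.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 404 180 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, status, target in flag_plugin_traversal(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

A hit with a 200 status deserves the first look, since it suggests the request was served rather than rejected.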
Update the Salon Booking System plugin to the latest available version. The arbitrary file deletion vulnerability has been fixed in versions later than 9.9. Consult the plugin's changelog for more details about the fix.
CVE-2024-37231 is a HIGH severity vulnerability allowing attackers to read arbitrary files on a server running the Salon Booking System. It impacts versions up to 9.9.
You are affected if you are using Salon Booking System version 9.9 or earlier. Upgrade to 9.9.1 to mitigate the risk.
Upgrade to Salon Booking System version 9.9.1 or later. As a temporary workaround, restrict file access permissions or implement a WAF.
Currently, there are no confirmed reports of active exploitation, but it's crucial to apply the patch promptly.
Refer to the official Salon Booking System website or security advisory channels for the latest information and updates regarding CVE-2024-37231.