CVE-2021-24555 - Vulnerability Details - OpenCVE

The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00303.

Key SSVC decision points have not yet been added.

Vendors	Products
Roosty	Diary-availability-calendar

Configuration 1 [-]

cpe:2.3:a:roosty:diary-availability-calendar:*:*:*:*:*:wordpress:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/
https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-08-23T11:10:09

Updated: 2024-08-03T19:35:20.187Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24555

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-23T12:15:09.900

Modified: 2024-11-21T05:53:17.647

Link: CVE-2021-24555

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Diary & Availability Calendar", "vendor": "Unknown", "versions": [{"lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Shreya Pohekar of Codevigilant Project"}], "descriptions": [{"lang": "en", "value": "The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-23T11:10:09", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f"}, {"tags": ["x_refsource_MISC"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/"}], "source": {"discovery": "UNKNOWN"}, "title": "Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24555", "STATE": "PUBLIC", "TITLE": "Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Diary & Availability Calendar", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.0.3", "version_value": "1.0.3"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Shreya Pohekar of Codevigilant Project"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}, {"description": [{"lang": "eng", "value": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f"}, {"name": "https://codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/", "refsource": "MISC", "url": "https://codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:35:20.187Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24555", "datePublished": "2021-08-23T11:10:09", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:35:20.187Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:roosty:diary-availability-calendar:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B28BBA98-CA77-4E55-9BA7-884071A4B84E", "versionEndIncluding": "1.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The daac_delete_booking_callback function, hooked to the daac_delete_booking AJAX action, takes the id POST parameter which is passed into the SQL statement without proper sanitisation, validation or escaping, leading to a SQL Injection issue. Furthermore, the ajax action is lacking any CSRF and capability check, making it available to any authenticated user."}, {"lang": "es", "value": "La funci\u00f3n daac_delete_booking_callback, enganchada a la acci\u00f3n daac_delete_booking AJAX, toma el par\u00e1metro id POST que es pasado a la sentencia SQL sin el saneo, comprobaci\u00f3n o escape apropiado, conllevando a un problema de inyecci\u00f3n SQL. Adem\u00e1s, la acci\u00f3n ajax carece de cualquier comprobaci\u00f3n de tipo CSRF y capacidad, haci\u00e9ndola disponible para cualquier usuario autenticado."}], "id": "CVE-2021-24555", "lastModified": "2024-11-21T05:53:17.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-23T12:15:09.900", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://codevigilant.com/disclosure/2021/wp-plugin-diary-availability-calendar/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/8eafd84b-6214-450b-869b-0afe7cca4c5f"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}, {"lang": "en", "value": "CWE-352"}], "source": "contact@wpscan.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}, {"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Secondary"}]}