CVE-2022-1463 The Booking Calendar plugin is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode up to and including version 9.1

If a user is able to access the booking calendar via a route such as http://host/booking-calendar/(booking_location) they could inject arbitrary code into the site which would be executed by the Calendar plugin. This could include stealing data or changing the site’s functionality. A malicious user would simply need to be subscribed to a calendar and have access to the [bookingflextimeline] shortcode to exploit this issue.

The Booking Calendar plugin for WordPress is also vulnerable to SQL injection. This issue occurs when a user is able to access the [bookingflextimeline] shortcode via a route such as http://host/booking-calendar/(booking_location) or http://host/booking-calendar/[booking_location] and inject arbitrary SQL code into the database. This could be exploited by a malicious user to execute arbitrary SQL code that would cause the site to perform requests on behalf of the user.

The Booking Calendar Plugin for WordPress

The Booking Calendar plugin for WordPress is vulnerable to SQL injection and could be exploited by a malicious user. This issue occurs when a user is able to access the [bookingflextimeline] shortcode via a route such as http://host/booking-calendar/(booking_location) or http://host/booking-calendar/[booking_location] and inject arbitrary SQL code into the database.

SQL Injection

SQL injection occurs when an attacker is able to inject SQL code into the system. This could be exploited by a malicious user to execute arbitrary SQL code that would cause the site to perform requests on behalf of the user.
The Booking Calendar plugin for WordPress is also vulnerable to SQL injection. This issue occurs when a user is able to access the [bookingflextimeline] shortcode via a route such as http://host/booking-calendar/(booking_location) or http://host/booking-calendar/[booking_location] and inject arbitrary SQL code into the database. This could be exploited by a malicious user to execute arbitrary SQL code that would cause the site to perform requests on behalf of the user.

SQL Injection - CVE-2022-1464

The Booking Calendar plugin for WordPress is also vulnerable to SQL injection. This issue occurs when a user is able to access the [bookingflextimeline] shortcode via a route such as http://host/booking-calendar/(booking_location) or http://host/booking-calendar/[booking_location] and inject arbitrary SQL code into the database. This could be exploited by a malicious user to execute arbitrary SQL code that would cause the site to perform requests on behalf of the user.

Timeline

Published on: 05/10/2022 20:15:00 UTC
Last modified on: 05/17/2022 20:49:00 UTC

References