DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

CVE-2018-15811: Releases · dnnsoftware/Dnn.Platform

IBM Robotic Process Automation with Automation Anywhere 11 uses a high privileged PostgreSQL account for database access which could allow a local user to perform actions they should not have privileges to execute. IBM X-Force ID: 160764.

CVE-2019-4298: IBM Robotic Process Automation privilege escalation CVE-2019-4298 Vulnerability Report

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.

**Abstract**

These vulnerabilities allow remote attackers to execute arbitrary SQL commands and remote authenticated users to upload arbitrary files via a susceptible version of Photo Station.

**Affected Products**

Product

Severity

Fixed Release Availability

Photo Station 6.8

Important

Upgrade to 6.8.11-3489 or above.

Photo Station 6.3

Important

Upgrade to 6.3-2977 or above.

**Mitigation**

None

**Detail**

*   CVE-2019-11821
    
    *   Severity: Important
    *   CVSS3 Base Score: 7.3
    *   CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    *   SQL injection vulnerability in synophoto\_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
*   CVE-2019-11822
    
    *   Severity: Moderate
    *   CVSS3 Base Score: 4.3
    *   CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    *   Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.

**Acknowledgement**

Independent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

**Revision**

Revision

Date

Description

1

2019-01-02

Initial public release.

2

2019-06-30

Disclosed vulnerability details.

CVE-2019-11822: Synology_SA_19_01 | Synology Inc.

Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2019-5827

IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.

**CVEID:** CVE-2016-5699  
**DESCRIPTION:** urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.  
CVSS Base Score: 6.5  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114200 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID**: CVE-2016-8858  
**DESCRIPTION**: OpenSSH is vulnerable to a denial of service, caused by an error in the kex\_input\_kexinit() function. By sending specially crafted data during the key exchange process, a remote attacker could exploit this vulnerability to consume all available memory resources.  
CVSS Base Score: 5.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118127 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2017-7525  
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base Score: 9.8  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134639 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2017-15095  
**DESCRIPTION:** Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base Score: 9.8  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135123 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2017-17485  
**DESCRIPTION:** Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the default-typing feature. An attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base Score: 9.8  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137340 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2018-7489  
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue method of the ObjectMapper. By sending specially crafted JSON input, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base Score: 7.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139549 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

**CVEID:** CVE-2018-14721  
**DESCRIPTION:** FasterXML jackson-databind is vulnerable to server-side request forgery, caused by the failure to block the axis2-jaxws class from polymorphic deserialization. A remote authenticated attacker could exploit this vulnerability to obtain sensitive data.  
CVSS Base Score: 5.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155136 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** CVE-2018-19360  
**DESCRIPTION:** An unspecified error with failure to block the axis2-transport-jms class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.  
CVSS Base Score: 5.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155091 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2018-19361  
**DESCRIPTION:** An unspecified error with failure to block the openjpa class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.  
CVSS Base Score: 5.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155092 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2018-19362  
**DESCRIPTION:** An unspecified error with failure to block the jboss-common-core class from polymorphic deserialization in FasterXML jackson-databind has an unknown impact and attack vector.  
CVSS Base Score: 5.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155093 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2019-4224  
**DESCRIPTION:** IBM PureApplication System is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.  
CVSS Base Score: 6.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159240 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

**CVEID:** CVE-2019-4225  
**DESCRIPTION:** IBM PureApplication System stores potentially sensitive information in log files that could be read by a local user.  
CVSS Base Score: 4.4  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159242 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2019-4234  
**DESCRIPTION:** IBM Pure Application System weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state.  
CVSS Base Score: 4.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159416 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2019-4235  
**DESCRIPTION:** IBM Pure Application System does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.  
CVSS Base Score: 5.9  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159417 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2019-4241  
**DESCRIPTION:** IBM Pure Application System could allow an authenticated user with local access to bypass authentication and obtain administrative access.  
CVSS Base Score: 8.4  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159467 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2019-4241: Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System

IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517.

  

**Summary**

Multiple Security vulnerabilities have been fixed in the 9.0.7 IBM Security Access Manager (ISAM) appliance.

**Vulnerability Details**

**CVEID:** CVE-2018-0732  
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang.  
CVSS Base Score: 3.7  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144658 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2018-0739  
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory.  
CVSS Base Score: 5.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140847 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** CVE-2017-3735  
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.  
CVSS Base Score: 4.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131047 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

**CVEID:** CVE-2019-4152  
**DESCRIPTION:** IBM Security Access Manager Appliance does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session.  
CVSS Base Score: 5.1  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158515 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2019-4151  
**DESCRIPTION:** IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  
CVSS Base Score: 5.9  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158512 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2019-4150  
**DESCRIPTION:** IBM Security Access Manager Appliance does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.  
CVSS Base Score: 3.7  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158510 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** CVE-2019-4153  
**DESCRIPTION:** IBM Security Access Manager Appliance could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.  
CVSS Base Score: 6.8  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158517 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N)

**CVEID:** CVE-2019-4156  
**DESCRIPTION:** IBM Security Access Manager Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  
CVSS Base Score: 5.9  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158572 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2019-4157  
**DESCRIPTION:** IBM Security Access Manager Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base Score: 6.1  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158573 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

**CVEID:** CVE-2019-4158  
**DESCRIPTION:** IBM Security Access Manager Appliance does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors.  
CVSS Base Score: 5.4  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158574 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2019-5953  
**DESCRIPTION:** GNU Wget is vulnerable to a buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.  
CVSS Base Score: 8.8  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159154 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2019-9636  
**DESCRIPTION:** Python urllib.parse.urlsplit and urllib.parse.urlparse components could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling in NFKC normalization. By using a specially-crafted URL, an attacker could exploit this vulnerability to obtain sensitive information.  
CVSS Base Score: 7.5  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158114 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** CVE-2019-4135  
**DESCRIPTION:** IBM Security Access Manager Appliance is affected by a security vulnerability that could allow authenticated users to impersonate other users.  
CVSS Base Score: 7.5  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158331 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2013-2197  
**DESCRIPTION:** Login Security module for Drupal is vulnerable to a denial of service caused by an error when the delay feature is configured. A remote attacker could exploit this vulnerability by frequent or concurrent failed attempts to login which can cause the application to crash.  
CVSS Base Score: 4.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85134 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

**CVEID:** CVE-2016-10542  
**DESCRIPTION:** Node.js ws module is vulnerable to a denial of service, caused by improper size limitation of payload. By sending a large payload, a remote attacker could exploit this vulnerability to cause the application to crash.  
CVSS Base Score: 7.5  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149138 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2016-5725  
**DESCRIPTION:** JSch could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the implementation for recursive sftp-get containing "dot dot" sequences (/../) to download the malicious files outside the client download base directory.  
CVSS Base Score: 4.3  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117122 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

**CVEID:** CVE-2018-16850  
**DESCRIPTION:** PostgreSQL is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to view, add, modify or delete information in the back-end database.  
CVSS Base Score: 6.5  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152915 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**CVEID:** CVE-2017-7546  
**DESCRIPTION:** PostgreSQL could allow a remote attacker to bypass security restrictions, caused by a flaw in the libpq. By setting an empty password, an attacker could exploit this vulnerability to bypass access restrictions and log in to the system.  
CVSS Base Score: 7.5  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130240 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

**CVEID:** CVE-2017-12172  
**DESCRIPTION:** PostgreSQL could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the start scripts. By creating a symbolic link from the $PGLOG file to a critical file, an attacker could exploit this vulnerability to modify root-owned files.  
CVSS Base Score: 7.8  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134712 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2016-7048  
**DESCRIPTION:** PostgreSQL could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Interactive installer. By persuading victim to download a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.  
CVSS Base Score: 7.5  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148749 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2016-0766  
**DESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the failure to restrict configuration settings (GUCS) for PL/Java. By modifying the settings, an attacker could exploit this vulnerability to gain elevated privileges on the system.  
CVSS Base Score: 8.8  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110627 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:** CVE-2019-4145  
**DESCRIPTION:** IBM Security Access Manager Appliance could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system.  
CVSS Base Score: 7.7  
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158400 for the current score  
CVSS Environmental Score\*: Undefined  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

**Affected Products and Versions**

ISAM 9.0.1, 9.0.2 9.0.3, 9.0.4, 9.0.5, 9.0.6

ISAM Appliance 9.0.1, 9.0.2 9.0.3, 9.0.4, 9.0.5, 9.0.6

**Remediation/Fixes**

Product

VRMF

Remediation/First Fix

ISAM

9.0.1 -9.0.6

ISAM 9.0.7.0

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

IBM X-Force Ethical Hacking Team: Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza, Matt McCarty, Vincent Dragnea, Troy Fisher, Nathan Roane

**Change History**

21 June 2019: First version published.

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

**Internal Use Only**

Advisories: 13963, 15533, 15534, 15535, 15537, 15575, 15576, 15577, 15578, 13128, 15499, 14228, 16424, 15876, 15392, 15500, 15501

Product Records: 126047, 133096, 133097, 133098 133099, 133266, 133267 133268, 133269,130313, 132944, 127298, 137192, 134825, 132173, 123945, 132947

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"9.0.1;9.0.2;9.0.3;9.0.4;9.0.5;9.0.6","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSQRZH","label":"IBM Security Access Manager Appliance"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"9.0.1;9.0.2;9.0.3;9.0.4;9.0.5;9.0.6","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}\]

CVE-2019-4153: Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance

A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.

Release date: April 25, 2019

These release notes describe the new features, improvements, and fixed issues in Serv-U File Server 15.1.7. They also provide information about upgrades and describe workarounds for known issues.

If you are looking for previous release notes for Serv-U File Server, see Previous Version documentation.

NPAPI is deprecated in Google Chrome. This means Web Client Pro will not function in Google Chrome. As a workaround, access Web Client Pro using another browser.

**New features and improvements**

Return to top

Serv-U 15.1.7 is a service release containing three hotfixes, and additional fixes, described here.

**Previous releases**

Serv-U 15.1.6 included the following new features and updates:

*   Support for Explicit SSL when connected to SMTP server
*   Support for HTTP Strict Transport Security
*   Support for Elliptic-curve Diffie-Hellman (ECDH) key exchange
*   Forward secrecy is enabled by default (new installations only)
*   TLS 1.0 is disabled by default (new installations only)
*   Disabled SSL/TLS ciphers based on 64-bit block size (new installations only)
*   Support for Secure LDAP protocol (Windows installation only)
*   Various fixes described in the Fixed Issues section.

Serv-U 15.1.5 was a service release containing security fixes, described in the Fixed Issues section.

Serv-U 15.1.4 was a service release containing two hotfixes, described in the Fixed Issues section.

Serv-U 15.1.3 was a service release containing two hotfixes, described in the Fixed Issues section.

For earlier Serv-U 15.x.x releases, please visit the Previous Versions page.

**Fixed issues**

Return to top

Serv-U 15.1.7 fixes the following issues.

 

Case Number

Description

423241

Fixed issue where writing files to disk could cause bottleneck

1197511

Corrected SSL error handling on Socket level

00063383

Fixed issue with service when sending download link to guest user

00068104

Corrected format for X-Csrf-Token HTTP header (FTP Voyager JV)

00159690

Fixed issue with ODBC database validation

00200302

CSRF issues resolved.

00186124

Can now add a user to a collection when the user exists in another collection

00204425

Serv-U no longer deletes incorrect files from directories with delete rules

00229117

Serv-U no longer response incorrectly when empty user name and password is used to log on

00284847

Issues in web management interface fixed

00061457

Special characters from E-mail notification template not sent correctly

00039051, 00081081, 00195143, 00263829, 00260387, 00218061, 1362493, 1338156

Updated jquery libraries

00054823, 1320710, 1335744

Files list returned corrected from LIST Command

00085995, 00201705

CVE-1999-0017 vulnerability fixed.

00187355, 00065590, 00053277, 00105077, 00123871

Multiple issues in SFTP protocol resolved

00240051, 00267281, 00260953, 00280283, 00285641

WinSCP upload issues resolved

n/a

Resolved a privilege escalation issue, logged as CVE-2018-19999 – with thanks to Chris Moberly at The Missing Link.

n/a

Resolved a privilege escalation issue, logged as CVE-2019-12181 – with thanks to Guy Levin (@va\_start).

Serv-U 15.1.6 fixes the following issues.

 

Case Number

Description

961565, 1183341, 887731, 1123968, 1125053, 901145, 1091444, 1131439, 1080928, 796814, 799615, 787936, 1036534

Fixed an issue with limited top level domain.

1050275

Fixed an issue with long timeout where LDAP server was unavailable

166489, 1126605, 914000

Fixed an issue with SSH Ciphers description.

1186645, 979487

Fixed an impersonation issue during downloads.

1039205

Fixed an issue with password stale event.

1086638, 1209329

Fixed an issue with special characters in File Sharing notification template.

1129144, 1115351

Fixed a possible crash of Gateway.

1163543

Fixed an issue with user creation wizard.

1123779

Fixed a memory leak issue related to SFTP sessions.

1231876, 1233371, 1209874

Fixed broken links to support site.

1124857, 1181653, 1215831, 1223871, 1230986, 1241567, 1326419

Fixed an issue with bare line feed character.

Serv-U 15.1.5 fixes the following issues.

 

Case Number

Description

1110916

Fixed potential vulnerability with unauthenticated privilege escalation Reported by – Trustwave SpiderLabs Contact - Leopold von Niebelschuetz-Godlewski

904433, 804380

Fixed an issue with possibility of unauthorized access to the files in installation folder on web server. Reported by – www.netspi.com Contact - Cody Wass (Cody. Wass@netspi.com)

1065565, 1061848, 1056263, 1054225, 1090081, 1045088

Fixed an issue where domain users were not able to login when ldap suffix was used.

741595

Fixed a memory leak issue that occurred during LDAP authentication.

951099, 1065736, 1022993

Fixed a memory leak issue that occurred during SFTP session.

882524, 909979, 871563, 867742, 867834, 981751, 877933

Fixed an issue with "Automatic idle connection timeout" limit.

Serv-U 15.1.4 fixes the following issues.

 

Case Number

Description

991668

ECDHE-RSA-AES256\* ciphers shown as enabled or disabled correctly

954294

Long (encrypted) passwords issue fixed.

984664, 1003106, 993854

OpenSSL vulnerabilities - updated to 1.0.2h

932381

SHA-1 Cert deprecation (Previous cert was due to expire in January 2017)

984485, 887910, 741595

LDAP suffix issue fixed

844572, 894400, 953313, 910253, 881308, 914055, 990080

Web client Favorites fixed.

1005791, 1005383, 990956, 984664, 982577, 966856, 948270, 963296, 941118, 934566, 927375, 917616, 900288, 883047, 885033, 884883, 876306, 876820, 874853, 872968, 857502, 862922, 853433

Serv-U no longer freezes in FIPS mode during SFTP connections.

Serv-U 15.1.3 fixes the following issues.

 

Case Number

Description

872782, 864631

Case sensitivity issues occurred when configuring Directory Access rules.

n/a

An issue with LDAP public key authentication.

n/a

Memory leak occurs during LDAP authentication.

853136

An issue with the expired password change functionality.

868638

An issue with multi-line FTP responses for the FEAT command.

n/a

An issue with the possibility of SQL injection in the invitation link used by secure file sharing.

625348

An issue with the possibility of persistent cross-site scripting in file sharing.

n/a

An issue with the possibility of the injection of additional email headers using a crafter subject in an upload or download request.

**Legal notices**

Return to top

© 2019 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2019-12181: Serv-U File Server 15.1.7 Release Notes

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

An issue was discovered in Tyto Sahi Pro ( <= 8.x )  
A parameter in the web reports module is vulnerable to  SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

It was found in sahi reports web interface,whenever we search for a particular report using search field , direct sql query was passed as part of GET request. This query can be manipulated to dump internal details such as database name ,database path , read files using h2 system functions , user details , schema details and other critical information related to the internals of sahi database to external adversary  on same network.

Proof of concept :

              **Fig 1 : sql query is directly passed as part of GET request**

Sahi web reports interface allows an end user to search for a report based on its name. This user supplied parameter is converted into a SQL query and is directly passed as part of URL as shown in figure 1.

As sahi is using **H2 database** to store the reports and other data, an end user can exploit this scenario to run **h2 database system functions** by manipulating the passed SQL query .

               **Fig 2 : leak of memory used by sahi application ( memory\_used() )**

**Modified URL :**

**http://localhost:9999/\_s\_/dyn/pro/DBReports?sql=SELECT DISTINCT memory\_used() AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS.\* FROM SUITEREPORTS,SCRIPTREPORTS**

           **Fig 3 : leak of database path by sahi application ( database\_path() )**

**Modified URL:**

**http://localhost:9999/\_s\_/dyn/pro/DBReports?sql=SELECT DISTINCT database\_path() AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS.\* FROM SUITEREPORTS,SCRIPTREPORTS**

       **Fig 4 : leak of current database user by sahi application ( user() )**

**Modified URL:** 

**http://localhost:9999/\_s\_/dyn/pro/DBReports?sql=SELECT DISTINCT user() AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS.\* FROM SUITEREPORTS,SCRIPTREPORTS**

All h2 system functions can be used to abuse and leak more sensitive  information by un-authenticated user .

Disclosure timeline :

disclosed on : 8/ December / 2018

suggested quick fix till the official patch is released : password protect web reports module

Affected versions : all versions of **sahi pro ( <= 8.x ) (web application automation )**

**vendor website** :  https://sahipro.com/

**Post navigation**

CVE-2018-20469: CVE-2018-20469 - Sahi pro (

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

**Summary**

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy’s Temp directory. An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.

**Tested Versions**

Gog Galaxy 1.2.48.36 (Windows 64-bit Installer)

**Product URLs**

https://www.gog.com/galaxy

**CVSSv3 Score**

9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

**CWE**

CWE-276: Incorrect Default Permissions

**Details**

GOG Galaxy is a platform that allows users to launch, update and manage video games. By default, GOG Galaxy extracts the executables for the automatic update function in a directory that allows anyone on the system to have “full control.” This allows all users to read, write or modify arbitrary files related to the GOG Galaxy Updater Service. The executables include sensitive data, such as a root CA, as well as executables that will be run with SYSTEM privileges once they are installed, allowing an attacker to overwrite them prior to installation to achieve arbitrary code execution with SYSTEM privileges.

\`\`\` C:>icacls.exe “C:\\ProgramData\\GOG.com\\Galaxy\\temp\\desktop-galaxy-updater” C:\\ProgramData\\GOG.com\\Galaxy\\temp\\desktop-galaxy-updater Everyone:(I)(F) Everyone:(I)(OI)(CI)(IO)(F) NT AUTHORITY\\SYSTEM:(I)(OI)(CI)(F) BUILTIN\\Administrators:(I)(OI)(CI)(F) SPRITE\\rjohnson:(I)(F) CREATOR OWNER:(I)(OI)(CI)(IO)(F) BUILTIN\\Users:(I)(OI)(CI)(RX) BUILTIN\\Users:(I)(CI)(WD,AD,WEA,WA)

Successfully processed 1 files; Failed processing 0 files

C:>dir “C:\\ProgramData\\GOG.com\\Galaxy\\temp\\desktop-galaxy-updater” Volume in drive C has no label. Volume Serial Number is DEC6-C1D3

Directory of C:\\ProgramData\\GOG.com\\Galaxy\\temp\\desktop-galaxy-updater

11/09/2018 03:10 PM

. 11/09/2018 03:10 PM

.. 11/06/2018 12:11 PM 152,648 expat.dll 11/06/2018 12:11 PM 1,487,944 GalaxyUpdater.exe 11/06/2018 12:11 PM 1,273,416 libeay32.dll 11/06/2018 12:11 PM 426,568 pcre.dll 11/06/2018 12:11 PM 157,256 PocoCrypto.dll 11/06/2018 12:11 PM 1,856,072 PocoData.dll 11/06/2018 12:11 PM 387,656 PocoDataSQLite.dll 11/06/2018 12:11 PM 1,656,392 PocoFoundation.dll 11/06/2018 12:11 PM 327,752 PocoJSON.dll 11/06/2018 12:11 PM 1,071,176 PocoNet.dll 11/06/2018 12:11 PM 306,248 PocoNetSSL.dll 11/06/2018 12:11 PM 503,368 PocoUtil.dll 11/06/2018 12:11 PM 513,608 PocoXml.dll 11/06/2018 12:11 PM 270,920 PocoZip.dll 11/06/2018 12:11 PM 4,635,720 Qt5Core.dll 11/06/2018 12:11 PM 250,607 rootCA.pem 11/06/2018 12:11 PM 681,032 sqlite.dll 11/06/2018 12:11 PM 282,696 ssleay32.dll 11/09/2018 03:10 PM

web 11/06/2018 12:11 PM 107,592 zlib.dll 19 File(s) 16,348,671 bytes

**Mitigation**

Users of GOG Galaxy can replace the “Full Control” permission with “Read and Execute” for the “Everyone” group in the GOG Galaxy “Temp” directory and ensure all file system objects below that path inherit from the parent directory.

**Timeline**

2018-11-20 - Vendor Disclosure  
2019-03-14 - Vendor Patched  
2019-03-26 - Public Release

Discovered by Richard Johnson of Cisco Talos.

CVE-2018-4048: TALOS-2018-0722 || Cisco Talos Intelligence Group

The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access.

*   Details
*   Reviews
*   Installation
*   Development

The booking calendar plugin for WordPress. WP Booking System is used by more than 9,000 active users, with a satisfaction rate that borders on 5\*!

Is this booking calendar for you?

*   Do you rent something out, like a holiday home, a boat or something else?
*   Do you have a WordPress website and need a bit of help to keep track of your rentals through a booking calendar?

…then yes! The WP Booking System is perfect for your needs.

Get easy online booking with this lightweight and powerful booking system.

**A set-and-forget booking calendar for your rental business**

WP Booking System is a simple booking calendar for WordPress. You will be up and running in just a few minutes. You can create booking calendars and forms, and you can manage your bookings. You can easily customize the booking calendar to fit your needs.

Start receiving bookings from your visitors today!

**Display available dates in your booking calendar**

With just one click you can create the first booking calendar for your holiday home or rental business. Already have bookings made? You can manually manage the calendar’s availability in just a few seconds.

Now your booking calendar is up to date with the latest bookings and available dates!

**Create a form and enable clients to make bookings online**

The beauty of this WordPress booking calendar is that it allows your website visitors to book available calendar dates on the spot through a fully customizable booking calendar form.

Enable your clients to use the rental calendar fast and easy. In just three simple steps, clients will be able to reserve a slot on your booking calendar:

*   Hover over the booking calendar to pick a starting date. Click on it, then move the cursor to select the number of days to book. (clients can easily see booked days by using the booking system legend)
*   Next, fill in the booking system form (you can edit the form fields at any time to make sure clients submit the most relevant information you need; mark fields as compulsory or optional)
*   Finally, click the booking button to make a reservation.

With the premium version of the booking system, you can allow customers to make online bookings using the top payment platforms available at the moment!

> Click here to see a demo of the premium version

You can review and manage calendar bookings from the back-end, so you are always in control. You can even set up automatic calendar notifications so you will receive an email when a booking is made. Now you’re all set to receive online bookings through your booking calendar.

**Receive and manage bookings**

All your bookings are saved in your rental calendar and are beautifully displayed so you can easily access them and view the booking details.

**No time to read the description? Discover the top benefits of WP Booking System in just 40 seconds!**

**Features of the Free version:**

*   Create your own booking system: a booking calendar and a booking form!
*   Receive and manage bookings
*   Save extra booking information
*   Generate a shortcode to insert the booking calendar and booking form into a page or post
*   Use the Gutenberg block to embed the booking calendar
*   WP Booking System Widget
*   The booking calendar supports multiple languages

**EXTRA FEATURES OF THE PREMIUM BOOKING CALENDAR VERSION:**

*   The booking system can accept online and offline payments
*   iCalendar Sync, Import and Export
*   Create an unlimited number of booking calendars
*   Create an unlimited number of booking forms
*   Create your own rental calendar legend: apply your own colors and text
*   Split days selection
*   Display multiple months
*   Change the first day of the week
*   Change the start month / year
*   Display an overview reservation calendar
*   Edit multiple dates with just one click
*   Display tooltips with extra info
*   Hide calendar bookings from the past from your visitors
*   Set the minimum number of days that the visitor must book
*   Show the week’s number on the booking calendar
*   Automatically block booked days directly
*   Send booking notifications
*   User management within the booking system
*   Very easy to translate into any language
*   Professional support for any question related to the booking calendar
*   Download the Premium version at: www.wpbookingsystem.com

**This WP Booking Calendar Plugin is for…**

Any rental business should use the WP Booking Calendar plugin to keep track of their rental calendar throughout the year.

*   Property rentals: bed & breakfast, hotels, hotel rooms, cottages, apartments, houses, apartment rooms (use WP Booking System even when you are renting through AirBNB, Booking.com etc.)
*   Boat rentals
*   Car & motorcycle rentals
*   Sports equipment rentals (full day ski equipment rental, bike rentals, skates rentals etc)
*   Events rentals (full day trainings/courses, parties, weddings, baptisms, corporate events, business meetings, conferences etc)
*   Speakers, singers, photographers, videographers, inspectors can also benefit from using WP Booking system

The booking system will soon become an indispensable tool in your business, and you will find yourself using it daily to manage reservations in your calendar.

**How the booking calendar helps your clients**

*   Clients can make calendar bookings online, by accessing your website
*   No need to call to make a reservation
*   They can see the available calendar dates and manage their schedule to make a booking
*   They can make simple and fast bookings from the comfort of their own home, directly from their mobile phones

**Key booking system benefits for your business**

*   Collect relevant information about your clients through the booking system form (configure the rental calendar form to your needs). No need to call or collect this information at the desk.
*   Use the WP Booking System on the go, from your mobile phone. The WP Booking Calendar can be used from mobile devices with ease – simply log in to your website and make any necessary edits just like on a computer.
*   Manage bookings offline – when you meet with a client 1:1 and they want to make a future booking, simply log in to your website, access the booking calendar and make the reservation on the spot, for them.
*   Stay up to date with calendar bookings by receiving email confirmations and reminders

**WP Booking System in a nutshell…**

Get organised and start receiving bookings with WP booking system. With this WP plugin you can create booking calendars, booking forms and accept bookings via your website. Setting it up is really easy and you will be up and running in just a few minutes. Bookings will be clearly listed in your booking calendar and you can stay organised. The booking calendar plugin works simply and it can be translated into several languages.

This plugin provides 1 block.

*   WP Booking System - Booking Calendar

1.  Install the plugin by uploading the zip file (Plugins > Add New > Upload)
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  Click on the ‘WP Booking System’ menu entry
4.  Click on ‘Add New’ at the top of the page to create a calendar
5.  To embed a calendar on a page or post, use the ‘Add Calendar’ button at that page

**How can I embed the booking calendar on a page or post?**

By using the ‘Add Calendar’ button above the editor, the Gutenberg module, a widget, or directly by using the shortcode. An example of the shortcode is:

    [wpbs id="1" title="yes/no" legend="yes/no" language="auto" form_id="1"]
    

**Will this booking system work for me?**

We’re pretty sure about that! We made this plugin as ‘flexible’ as possible. The booking plugin works with bookings on a per day basis (no time slots). So if you rent something out on a daily basis, then the WP Booking System is a good choice.

**I have another question**

Please see www.wpbookingsystem.com for more information and ask your questions there!

Very good plugin, fits exactly to our needs. The most reactive an fastest support I have ever seen.

Great versatile plugin and the support is excellent.

When asking for an update to a Wordpress plugin you immediately think that you won't even get a reply but I was pleasantly surprised when Roland replied to my request saying that if they get time they will include my request.I thought that this would be the end of it but 2 weeks later when there was a plugin update, I noticed that my request had been considered and implemented.This makes my life so much easier when the people booking wish to change the boat they have booed and now that I can easily switch calendars without deleting and re entering all the details. Many thanks and special praise to the supporter named Roland!Lucien @ Ellerbeck Narrowboats

The support from Roland is fantastic, fast and in depth. I had a requirement for an additional function, Roland was back within an hour with it added to the Pro version. Can't recomment this plugi highly enough.

I installed this for our campsite bookings. I have tried a couple of other booking plugins but this is by far the best. Our requirement are straightforward: a single campsite that only takes one booking, but has variable nightly costs and optional additional campers. The plugin was perfect for this. Set up was a bit involved, but they all are like that. Configuration of things like notifications and payments was straightforward and clear. The Stripe integration is particularly good. I only have one criticism: when you configure manual acceptance of bookings, and then accept a booking, the relevant date statuses do not update automatically. This has to be done manually. However, I'm sure they will change that at some point. All in all a great plugin, well worth the fee and with really good support.

Plugin is working really well. Managing my bookings and syncing with bookin.com and AirBnB works like a charm. In the exceptional situation that I need some support, Roland is always available to help out. Perfect support.

Read all 248 reviews

“WP Booking System – Booking Calendar” is open source software. The following people have contributed to this plugin.

Contributors

*    Roland Murg

**2.0.18.1**

*   Improved: Security improvements

**2.0.18**

*   Fixed: Deprecated notice when activating the plugin

**2.0.17**

*   New: Added “Number” form field

**2.0.16**

*   Improved: Updated Elementor Widget

**2.0.15**

*   Improved: Security fix

**2.0.14**

*   New: Added Icelandinc Language
*   New: Added Chinese Language
*   New: Added Latvian Language
*   Improved: Compatibility with WP 5.6 and TwentyTwentyone theme

**2.0.13**

*   Fixed: Bug with reCAPTCHA key not being included.

**2.0.12**

*   New: Added Indonesian language
*   Fixed: An issue with calendar not being sized properly on page load.
*   Fixed: An issue that could cause reCAPTCHA not to validate on some server configurations.

**2.0.11**

*   Improved: Minified CSS and JS Files.
*   Improved: Removed Duplicate HTML IDs in form editor
*   Fixed: A jQuery error that appeared in some cases when editing the form

**2.0.10**

*   Fixed: Backend calendar is now displayed in the correct language set in WordPress.

**2.0.9**

*   Improved: Compatibility changes for the new WordPress 5.4
*   Improved: Calendar dynamic sizing when resizing the viewport

**2.0.8**

*   Fixed: Single date selection on mobile devices

**2.0.7**

*   New: Added Korean language
*   Improved: Changed translation file locations
*   Improved: Minified JS file
*   Fixed: CSS display issue for Email Tags
*   Fixed: Language codes for Slovenian and Swedish
*   Fixed: Changed Czech flag

**2.0.6**

*   Improved: Admin Layout changes to match WP 5.3

**2.0.5**

*   Fixed: Widget not allowing a calendar without a form
*   Fixed: Email not allowing HTML tags

**2.0.4**

*   Fixed: Translation of dates sent in emails
*   Fixed: iCalendar sync delay bug
*   Improved: Calendar date selection styling

**2.0.3**

*   Added: Chinese Language

**2.0.2**

*   Fixed: iPhone and iPad bug when selecting calendar dates

**2.0.1**

*   Fixed: Bug that caused some emails not to be sent.

**2.0.0**

*   Major Rebuild
*   New: Gutenberg Module
*   Improved: Calendar Editor
*   Improved: Form Builder
*   Improved: Booking Manager
*   Improved: Calendar front-end display

**1.5.2**

*   Fixed Deprecated widget constructor

**1.5.2**

*   Security Improvements

**1.5.1**

*   Fixed: Issue with hovering over calendar dates.

**1.5**

*   Added Bulgarian language
*   Fixed Mod\_Security new SQL Injection filter conflict

**1.4**

*   Added filters to sanitize user input to prevent cross-site scripting (XSS) and SQL injections. Thanks to JPCERT/CC for pointing us at this issue.

**1.3.3**

*   Fixed a small CSS issue regarding bulk edit

**1.3.2**

*   Fixed translation problem regarding form options (i.e. radio buttons)

**1.3.1**

*   The notification of unread bookings now disappears when you delete the related calendar

**1.3**

*   The admin panel is now fully responsive
*   Updated the Premium features list

**1.2.3**

*   Small tweak to support PHP 7

**1.2.2**

*   Hide notifications in the toolbar when the user does not have access to the corresponding page

**1.2.1**

*   Decode booking details before saving

**1.2**

*   Minor bug fixes

**1.1**

*   UTF-8 fix

**1.0**

*   Changed the version number to 1.0

**0.7**

*   Small CSS fixes and a language fix related to the widget

**0.6**

*   Second output buffer fix

**0.5**

*   Output buffer fix

**0.4**

*   Fix in booking details fields.
*   Update (elaboration): The booking notes (the content of the text fields near the editable dates in the admin panel) were shown in the source code of the page the calendar was displayed on (this content can also be indexed by Google). If you were vulnerable, your website and the booking notes may have been archived and exposed by https://archive.org, and possibly by other sites. Please ask them to delete your data if needed. Affected versions of the Free version: All versions lower than 0.4.

**0.3**

*   Minor fix

**0.2**

*   Small CSS fixes

**0.1**

*   First release

Tag

#sql