The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information.

The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).