This vulnerability (CVE-2024-30516) in SaasProject Booking Package arises from improper validation of input quantities, which results in access control weaknesses. Specifically, the affected functionality is not properly constrained by ACLs, potentially allowing unauthorized access or actions. The issue affects all versions up to 1.6.27. The CVSS 3.1 vector indicates the vulnerability is remotely exploitable over the network without privileges or user interaction, impacting integrity but not confidentiality or availability.

The vulnerability allows unauthorized users to access or invoke functionality that should be restricted by ACLs, potentially leading to unauthorized modification or manipulation of booking data or related system functions. Confidentiality and availability are not impacted according to the CVSS vector, but integrity is highly impacted. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix is currently available, users should monitor vendor communications for updates. Until a fix is released, consider restricting network access to the affected Booking Package or applying compensating controls to limit unauthorized access to sensitive functionality.