confirmation email with link to the back end of the page

Hello,

can somebody look on this problem? We are experiencing the same issue. If we create reservation for the customer, he gets link in confirmation email that allows him to operate within the booking system as the user who created the reservation = admin account.
Customer is then able to add/update/delete/create new reservation. The main problem is data privacy over the other customers, and possible loss or already created reservation from other customers!
Thanks for reply!
The page is : https://www.lr-fyzio.cz

Thanks, Tony

Unfortunately I have not received any help with this problem. Does anyone have a golden tip?

I found the cause of this.
In our case, if we as admins create a new reservation for customer (without registering new account), in the confirmation email is link to manage reservations for our admin account = customer then see all reservations within the system…
It doesnt matter if we create the reservation from calendar, or from reservation list (via the button add reservation).
If we log off, and create the reservation for not registered customer, then the customer recieves email with no link to manage his reservations – locagicaly, because he doesnt have any account.

Long story short, if an admin create reservation for not registered customer, and write the customer email in it, then this customer recieves confirmation email with link to manage reservation with that particular admin permission.

This needs to be fixed fast, as it endanger customer private data…

Thanks,

Tony

We have the same problem. Please fix this issue as soon as possible, as this is a serious secrutiy issue giving others the possibility to leak private user data!