Page 2 of 6 results (0.004 seconds)
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1409 – VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload
https://notcve.org/view.php?id=CVE-2022-1409
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code El plugin VikBooking Hotel Booking Engine & PMS de WordPress versiones anteriores a 1.5.8, no comprueba apropiadamente las imágenes, lo que permite a usuarios con altos privilegios, como los administradores, cargar archivos PHP disfrazados de imágenes y que contienen código PHP malicioso • https://wpscan.com/vulnerability/1330f8f7-4a59-4e9d-acae-21656a4101fe • CWE-434: Unrestricted Upload of File with Dangerous Type •