CVE-2022-27862 – WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE
https://notcve.org/view.php?id=CVE-2022-27862
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. a PHP shell) via the signature upload on the booking form. • https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-arbitrary-file-upload-leading-to-rce https://wordpress.org/plugins/vikbooking/#developers • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-27863 – WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2022-27863
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to obtain booking data by guessing or brute-forcing easily predictable booking IDs via search POST requests. • https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-sensitive-data-exposure-vulnerability https://wordpress.org/plugins/vikbooking/#developers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor