Lucene search
+L

145 matches found

wpexploit
wpexploit
added 2022/04/21 12:0 a.m.446 views

VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting

The plugin does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed v 1.5.7 Add/edit a custom field /wp-admin/admin.php?option=comvikbooking&task=custo...

4.8CVSS0.5AI score0.00577EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/21 12:0 a.m.410 views

VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF

The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack XSS will be triggered in...

6.5CVSS0.8AI score0.00524EPSS
Exploits2
Patchstack
Patchstack
added 2022/04/21 12:0 a.m.24 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.6 - PHP File Upload vulnerability

PHP File Upload vulnerability discovered by Gabriel3476 in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.6. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.8...

7.2CVSS2AI score0.01467EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2022/04/19 9:15 p.m.22 views

CVE-2022-27863

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...

5.3CVSS0.01067EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/04/19 8:26 p.m.7 views

CVE-2022-27863 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability

Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...

5.3CVSS5.2AI score0.01067EPSS
Exploits0References2
CVE
CVE
added 2022/04/19 8:26 p.m.86 views

CVE-2022-27863

The CVE targets WordPress VikBooking Hotel Booking Engine & PMS plugin

5.3CVSS5.2AI score0.01067EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/19 8:26 p.m.6 views

CVE-2022-27862 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to upload and execute dangerous file types e.g. PHP shell via the signature upload on the booking form...

9.8CVSS9.6AI score0.01617EPSS
Exploits0References2
CVE
CVE
added 2022/04/19 8:26 p.m.83 views

CVE-2022-27862

The CVE-2022-27862 entry concerns the WordPress VikBooking Hotel Booking Engine & PMS plugin (versions

9.8CVSS9.7AI score0.01617EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/19 8:26 p.m.26 views

CVE-2022-27862 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to upload and execute dangerous file types e.g. PHP shell via the signature upload on the booking form...

9.8CVSS9.8AI score0.01617EPSS
Exploits0References2
Patchstack
Patchstack
added 2022/04/18 12:0 a.m.26 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.3. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.4...

5.3CVSS2.4AI score0.01067EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/04/18 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.4 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate the signature file uploaded via its booking form, which could allow unauthenticated attacker to upload arbitrary files...

9.8CVSS3.4AI score0.01617EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/04/18 12:0 a.m.42 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

Arbitrary File Upload leading to RCE discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.3. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.4...

9.8CVSS2.7AI score0.01617EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/06/19 5:15 p.m.20 views

CVE-2018-17842

SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...

9.8CVSS9.9AI score0.02209EPSS
Exploits1References2
OSV
OSV
added 2019/06/19 5:15 p.m.5 views

CVE-2018-17842

SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...

9.8CVSS5.8AI score0.02209EPSS
Exploits1References2
Prion
Prion
added 2019/06/19 5:15 p.m.9 views

Sql injection

SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...

7.5CVSS9.8AI score0.02209EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/06/19 4:5 p.m.81 views

CVE-2018-17842

CVE-2018-17842 affects Scriptzee Hotel Booking Engine 1.0, with a SQL injection vulnerability exposed via the hotels h_room_type parameter. The vulnerability allows potentially unauthorized access to data and manipulation of the backend database. According to NVD, the CVSS scores are CVSSv3.1: 9....

9.8CVSS9.8AI score0.02209EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/06/19 4:5 p.m.20 views

CVE-2018-17842

SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...

9.9AI score0.02209EPSS
Exploits1References2
0day.today
0day.today
added 2018/10/01 12:0 a.m.25 views

Hotel Booking Engine 1.0 - h_room_type SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Hotel Booking Engine 1.0 - 'hroomtype' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category: Webapps Tested on:...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2018/10/01 12:0 a.m.23 views

Hotel Booking Engine 1.0 SQL Injection

Exploit Title: Hotel Booking Engine 1.0 - 'hroomtype' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-01 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-N/A PO...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2017/09/11 12:0 a.m.80 views

Professional Service Booking Software 1.0 SQL Injection

Exploit Title: Professional Service Booking Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/professional-service-booking-engine Demo: http://professionalservice.scriptzee.com/ Version: 1.0 Category:...

0.4AI score
Exploits0
Rows per page
Query Builder