145 matches found
VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting
The plugin does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed v 1.5.7 Add/edit a custom field /wp-admin/admin.php?option=comvikbooking&task=custo...
VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tracking campaign with XSS payloads in them via a CSRF attack XSS will be triggered in...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.6 - PHP File Upload vulnerability
PHP File Upload vulnerability discovered by Gabriel3476 in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.6. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.8...
CVE-2022-27863
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...
CVE-2022-27863 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST requests...
CVE-2022-27863
The CVE targets WordPress VikBooking Hotel Booking Engine & PMS plugin
CVE-2022-27862 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to upload and execute dangerous file types e.g. PHP shell via the signature upload on the booking form...
CVE-2022-27862
The CVE-2022-27862 entry concerns the WordPress VikBooking Hotel Booking Engine & PMS plugin (versions
CVE-2022-27862 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin = 1.5.3 on WordPress allows attackers to upload and execute dangerous file types e.g. PHP shell via the signature upload on the booking form...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.3. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.4...
VikBooking Hotel Booking Engine & PMS < 1.5.4 - Unauthenticated Arbitrary File Upload
The plugin does not properly validate the signature file uploaded via its booking form, which could allow unauthenticated attacker to upload arbitrary files...
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE
Arbitrary File Upload leading to RCE discovered by Huli Cymetrics in WordPress VikBooking Hotel Booking Engine & PMS plugin versions = 1.5.3. Solution Update the WordPress VikBooking Hotel Booking Engine & PMS plugin to the latest available version at least 1.5.4...
CVE-2018-17842
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...
CVE-2018-17842
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...
Sql injection
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...
CVE-2018-17842
CVE-2018-17842 affects Scriptzee Hotel Booking Engine 1.0, with a SQL injection vulnerability exposed via the hotels h_room_type parameter. The vulnerability allows potentially unauthorized access to data and manipulation of the backend database. According to NVD, the CVSS scores are CVSSv3.1: 9....
CVE-2018-17842
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels hroomtype parameter...
Hotel Booking Engine 1.0 - h_room_type SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Hotel Booking Engine 1.0 - 'hroomtype' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category: Webapps Tested on:...
Hotel Booking Engine 1.0 SQL Injection
Exploit Title: Hotel Booking Engine 1.0 - 'hroomtype' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-01 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-N/A PO...
Professional Service Booking Software 1.0 SQL Injection
Exploit Title: Professional Service Booking Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/professional-service-booking-engine Demo: http://professionalservice.scriptzee.com/ Version: 1.0 Category:...