4 matches found
CVE-2026-6376
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-6376 Missing authentication for critical function in SpiceJet Online Booking System
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
SpiceJet Online Booking System 访问控制错误漏洞
The SpiceJet Online Booking System is an online ticketing system provided by the Indian company SpiceJet. It supports flight search, booking, and order management. The SpiceJet Online Booking System has a security vulnerability related to access control. This vulnerability stems from improper...
PT-2026-34750
Name of the Vulnerable Software and Affected Versions SpiceJet public booking retrieval page affected versions not specified Description Improper access control on a sensitive data retrieval function in the public booking retrieval page allows unauthenticated users to access full passenger bookin...