3 matches found
CVE-2022-1952
The CVE-2022-1952 issue affects the WordPress eaSYNC Booking plugin (Hotels/Restaurant/Car Rental) versions prior to 1.1.16. It stems from insufficient input validation of an AJAX action, with an allowlist of valid file extensions defined but not used during validation. This leads to arbitrary fi...
CVE-2022-1952 eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An...
CVE-2022-1952
creationtimestamp| type| source ---|---|--- 2022-06-30 09:48:06+00:00| published-proof-of-concept| Telegram/NeKXnTM2sAZzsr0TQAi-bPyfhrvmFH-23PGtGnpZ0v7g30Y 2022-07-11 16:19:21+00:00| seen| https://t.me/cibsecurity/45914 2024-11-24 00:00:00+00:00| seen| The Shadowserver...