Vulnerabilities > CVE-2022-27862 - Unspecified vulnerability in Vikwp Vikbooking Hotel Booking Engine & Property Management System Plugin
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-arbitrary-file-upload-leading-to-rce
- https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-arbitrary-file-upload-leading-to-rce
- https://wordpress.org/plugins/vikbooking/#developers
- https://wordpress.org/plugins/vikbooking/#developers