CVE-2022-1409

CVE-2022-1409: VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload

Vendor Unknown
Product VikBooking Hotel Booking Engine & PMS
Weakness CWE-434 · Unrestricted file upload
Published May 16, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code

Key dates

02Disclosure timeline

May 16, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE