What the vulnerability does
01Description
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Subscriber Sensitive Data Exposure in Hotel Booking Lite <= 6.0.3 versions.
Explanation of Vulnerability in Simple Terms
Hotel Booking Lite versions up to 6.0.3 expose sensitive information to authenticated users. An attacker with a low-privilege account can read data they should not have access to, such as booking details or user information. The vulnerability requires login but no additional user interaction. Update to a version newer than 6.0.3.
What an attacker can do
Read sensitive booking or user data they should not have access to.
Potential impact on your site
Booking details and user information may be exposed to any logged-in user, risking privacy violations.
Conditions required to exploit
Attacker must have a low-privilege account on the site.
Key dates
External resources
Related vulnerabilities