CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-27862

Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-arbitrary-file-upload-leading-to-rce
https://wordpress.org/plugins/vikbooking/#developers
https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-arbitrary-file-upload-leading-to-rce
https://wordpress.org/plugins/vikbooking/#developers

Products affected by CVE-2022-27862

Vikwp » Vikbooking Hotel Booking Engine & Property Management System Plugin » Version: Any

cpe:2.3:a:vikwp:vikbooking_hotel_booking_engine_&_property_management_system_plugin:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27862

Products

Pricing

Contact Us