Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking form.
References
Link | Resource |
---|---|
https://patchstack.com/database/vulnerability/vikbooking/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-5-3-arbitrary-file-upload-leading-to-rce | Release Notes Third Party Advisory |
https://wordpress.org/plugins/vikbooking/#developers | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Patchstack
Published: 2022-04-18T00:00:00
Updated: 2022-04-25T17:00:32
Reserved: 2022-03-24T00:00:00
Link: CVE-2022-27862
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-19T21:15:18.807
Modified: 2022-04-28T03:48:39.593
Link: CVE-2022-27862
JSON object: View
Redhat Information
No data.
CWE