Booking < 8.4.5.15 – SQL Injection | CVE 2018-20556

Affects Plugins

booking

Fixed in 8.4.5.15

References

CVE

CVE-2018-20556

Exploitdb

46377

URL

https://packetstormsecurity.com/files/#151692/

URL

https://gist.github.com/B0UG/a750c2c204825453e6faf898ea6d09f6

URL

https://vulners.com/exploitdb/EDB-ID:46377

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

8.8 (high)

Miscellaneous

Verified

No

WPVDB ID

6d8624b8-fb72-49a4-a3a1-8dd1b8db7703

Timeline

Publicly Published

2019-02-14 (about 7 years ago)

Added

2019-08-25 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2014-08-01

Title

Contus Video Gallery 2.0 & 1.6 - SQL Injection

Published

2014-08-01

Title

fGallery 2.4.1 - fimrss.php SQL Injection

Published

2017-07-22

Title

wordpress-gallery-transformation 1.0 - Blind SQL Injection

Published

2021-02-08

Title

Ultimate Maps by Supsystic < 1.1.17 - Authenticated SQL Injections

Published

2026-03-10

Title

Ally < 4.1.0 - Unauthenticated SQLi via URL Path