Cross-Site Request Forgery in VikBooking Hotel Booking Engine by e4jvikwp
CVE-2026-57723

7.4 HIGH

What is CVE-2026-57723?

A Cross-Site Request Forgery (CSRF) flaw exists in VikBooking Hotel Booking Engine & PMS, permitting unauthorized commands to be transmitted from a user that the web application trusts. It can lead to unauthorized actions being performed on behalf of authenticated users, potentially allowing attackers to exploit path traversal vulnerabilities. All versions up to and including 1.8.12 are affected, so users should implement security measures to mitigate the risk.

Affected Version(s)

VikBooking Hotel Booking Engine & PMS <= 1.8.12

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VDsec | Patchstack Bug Bounty Program