CVE-2026-42737
HighSummary
CVE-2026-42737 describes an improper limitation of a pathname to a restricted directory, leading to a Path Traversal vulnerability in the VikBooking Hotel Booking Engine. This issue affects versions from n/a through 1.8.9 inclusive.
Risk Assessment
An attacker could gain access to system files, potentially leading to the exposure of sensitive data or system compromise. This poses a significant security risk to the organization.
Recommendation
It is recommended to update the VikBooking engine to the latest version to mitigate this vulnerability. A security audit of the system should also be conducted to identify potential threats.
Original NVD description (English source)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows Path Traversal.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9.

