Vulnerability in Hotel Booking Lite
CVE-2023-5991
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input and lacks proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files…
EPSS: 0.783 (99.0th percentile)
Affected products
- Unknown Hotel Booking Lite — versions 0
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e (exploit, vdb-entry, technical-description)
Frequently asked questions
- What is CVE-2023-5991?
- CVE-2023-5991 is a vulnerability in Hotel Booking Lite, classified under CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Published 2023-12-26.
- Is CVE-2023-5991 known to be exploited?
- 1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.