Bus Ticket Booking With Seat Reservation
EUVD-2026-20221 | CVE-2026-39572 | MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-04-08 Patchstack
CVSS 3.1: 4.3 · NVD

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline (5 events)

Apr 29, 2026 - 10:22 (NVD): CVSS changed, 4.0 (MEDIUM) → 4.3 (MEDIUM)
Apr 14, 2026 - 18:22 (vuln.today): Analysis Generated
Apr 14, 2026 - 18:22 (NVD): CVSS changed, 4.0 (MEDIUM)
Apr 08, 2026 - 08:45 (euvd): EUVD ID Assigned, EUVD-2026-20221
Apr 08, 2026 - 08:30 (nvd): CVE Published, N/A

Description (CVE.org)

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through < 5.6.5.

Analysis (AI)

Sensitive system information exposure in the magepeopleteam Bus Ticket Booking with Seat Reservation plugin (versions prior to 5.6.5) allows remote, unauthenticated attackers to retrieve embedded sensitive data via network access with high-complexity exploitation. The vulnerability carries low real-world risk, with an EPSS score of 0.02% (5th percentile) and no confirmed active exploitation, though it may expose configuration details or internal system information to unauthorized parties.

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Send crafted network request
Exploit: Exploit high-complexity access control flaw
Execution: Retrieve embedded sensitive data
Impact: Gather system reconnaissance information

Vulnerability Assessment (AI)

Risk Assessment: This vulnerability presents minimal real-world risk despite a moderate CVSS score of 4.0. …

Exploit Scenario: A remote attacker crafts a specially designed network request targeting the plugin's API or functionality endpoints, exploiting high-complexity conditions (such as specific request sequencing or race conditions) to bypass access controls and retrieve embedded sensitive system information. The attacker gains knowledge of internal system configuration, database structure, or other metadata that facilitates reconnaissance for follow-up attacks, though the vulnerability itself does not enable data modification, service disruption, or direct code execution.

Remediation: Update the Bus Ticket Booking with Seat Reservation plugin to version 5.6.5 or later, which includes the security fix addressing the sensitive data exposure. …

EUVD-2026-20221 vulnerability details – vuln.today
