Description
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44690/
Third Party Advisory x_refsource_misc
https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1
Scores
CVSS v3
6.5
EPSS
0.0408
EPSS Percentile
88.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
makemytrip/makemytrip
7.2.4
Published
May 20, 2018
Tracked Since
Feb 18, 2026