CVE-2018-11242

MEDIUM

MakeMyTrip 7.2.4 - Cleartext Storage of Sensitive Information in Local Databases

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-11242. PoCs published by Divya Jain.

AI-analyzed exploit summary This exploit describes an information disclosure vulnerability in MakeMyTrip Android app v7.2.4, where unencrypted SQLite database files are stored in accessible directories, potentially leaking sensitive data. The PoC outlines the directory paths but does not include executable code.

Description

An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.

Exploits (1)

exploitdb WRITEUP
by Divya Jain · textlocalandroid
https://www.exploit-db.com/exploits/44690

This exploit describes an information disclosure vulnerability in MakeMyTrip Android app v7.2.4, where unencrypted SQLite database files are stored in accessible directories, potentially leaking sensitive data. The PoC outlines the directory paths but does not include executable code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: MakeMyTrip Android Application v7.2.4
No auth needed
Prerequisites: root access to the Android device · physical or remote access to the device's filesystem
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44690/

Scores

CVSS v3 6.5
EPSS 0.0413
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-312
Status published
Products (1)
makemytrip/makemytrip 7.2.4
Published May 20, 2018
Tracked Since Feb 18, 2026