Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digitaldruid hoteldruid vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43375
Hoteldruid v3.0.5 exists to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
Digitaldruid Hoteldruid 3.0.5
435
VMScore
CVE-2019-8937
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
Digitaldruid Hoteldruid 2.3.0
1 EDB exploit
NA
CVE-2023-43376
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2023-43377
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2023-33817
hoteldruid v3.0.5 exists to contain a SQL injection vulnerability.
Digitaldruid Hoteldruid 3.0.5
1 Github repository
NA
CVE-2023-43371
Hoteldruid v3.0.5 exists to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2023-43374
Hoteldruid v3.0.5 exists to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
Digitaldruid Hoteldruid 3.0.5
668
VMScore
CVE-2021-37832
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
Digitaldruid Hoteldruid 3.0.2
2 Github repositories
383
VMScore
CVE-2021-37833
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
Digitaldruid Hoteldruid 3.0.2
1 Github repository
NA
CVE-2023-34537
A Reflected XSS exists in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
Digitaldruid Hoteldruid 3.0.5
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »