Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hoteldruid vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-22909
HotelDruid v3.0.3 exists to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
Digitaldruid Hoteldruid 3.0.3
4 Github repositories
NA
CVE-2023-43371
Hoteldruid v3.0.5 exists to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2023-43376
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2021-42949
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing malicious users to bypass authentication via bruteforce attacks.
Digitaldruid Hoteldruid 3.0.3
2 Github repositories
NA
CVE-2023-43374
Hoteldruid v3.0.5 exists to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2023-43375
Hoteldruid v3.0.5 exists to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2023-43377
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
Digitaldruid Hoteldruid 3.0.5
NA
CVE-2023-43373
Hoteldruid v3.0.5 exists to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
Digitaldruid Hoteldruid 3.0.5
4.3
CVSSv2
CVE-2021-38559
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
Digitaldruid Hoteldruid 3.0.2
4.3
CVSSv2
CVE-2022-26564
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
Digitaldruid Hoteldruid 3.0.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »