Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
digitaldruid hoteldruid vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-1000871
HotelDruid HotelDruid 2.3.0 version 2.3.0 and previous versions contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to b...
Digitaldruid Hoteldruid
NA
CVE-2023-47164
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and previous versions allows a remote unauthenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product.
Digitaldruid Hoteldruid
NA
CVE-2021-42948
HotelDruid Hotel Management Software v3.0.3 and below exists to have exposed session tokens in multiple links via GET parameters, allowing malicious users to access user session id's.
Digitaldruid Hoteldruid
2 Github repositories
356
VMScore
CVE-2019-9084
In Hoteldruid prior to 2.3.1, a division by zero exists in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to ...
Digitaldruid Hoteldruid
356
VMScore
CVE-2019-9085
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_...
Digitaldruid Hoteldruid
668
VMScore
CVE-2019-9086
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.
Digitaldruid Hoteldruid
668
VMScore
CVE-2019-9087
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.
Digitaldruid Hoteldruid
668
VMScore
CVE-2021-37832
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
Digitaldruid Hoteldruid 3.0.2
2 Github repositories
383
VMScore
CVE-2021-37833
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
Digitaldruid Hoteldruid 3.0.2
1 Github repository
580
VMScore
CVE-2022-22909
HotelDruid v3.0.3 exists to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
Digitaldruid Hoteldruid 3.0.3
4 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »