hoteldruid vulnerabilities and exploits

7.5
CVSSv2
CVE-2018-1000871

HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be...

4.3
CVSSv2
CVE-2019-8937

HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php....

DigitaldruidHoteldruid
7.5
CVSSv2
CVE-2019-9086

HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter....

7.5
CVSSv2
CVE-2019-9087

HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter....

4
CVSSv2
CVE-2019-9084

In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an...