Published: 07/06/2019 Updated: 01/07/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

In Hoteldruid prior to 2.3.1, a division by zero exists in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).

Vulnerable Product	Search on Vulmon	Subscribe to Product
digitaldruid hoteldruid

Debian Bug report logs - #929136 hoteldruid: CVE-2019-8937 Package: src:hoteldruid; Maintainer for src:hoteldruid is Marco Maria Francesco De Santis <marco@digitaldruidnet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 17 May 2019 20:51:02 UTC Severity: grave Tags: security, upstream Found in ve ...

CWE-369 https://metamorfosec.com/Files/Advisories/METS-2019-005-A_division_by_zero_in_Hoteldruid_before_v2.3.1.txt http://www.hoteldruid.com/en/download.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929136 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-9084

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect