Published: 24/06/2019 Updated: 27/06/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digitaldruid hoteldruid

Debian Bug report logs - #929136 hoteldruid: CVE-2019-8937 Package: src:hoteldruid; Maintainer for src:hoteldruid is Marco Maria Francesco De Santis <marco@digitaldruidnet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 17 May 2019 20:51:02 UTC Severity: grave Tags: security, upstream Found in ve ...

CWE-20 https://metamorfosec.com/Files/Advisories/METS-2019-006-An_Invalid_Arguments_in_Hoteldruid_before_v2.3.1.txt http://www.hoteldruid.com/en/download.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929136 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-9085

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect