CVE-2021-37832

Published: 03/08/2021 Updated: 11/08/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.

Vulnerable Product

digitaldruid hoteldruid 3.0.2

Vendor Advisories

Debian Bug report logs - #991910
hoteldruid: CVE-2021-37832 CVE-2021-37833
Package: src:hoteldruid
Maintainer for src:hoteldruid is Marco Maria Francesco De Santis <marco@digitaldruid.net>
Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 5 Aug 2021 07:36:02 UTC
Severity: important
Tags: security, upstre ...

Github Repositories

CVE 2021-37832 poc

CVE-2021-37832: CVE 2021-37832 poc. Usage: python3 CVE-2021-37832.py test.com

CVE-2021-37832 - Hotel Druid 3.0.2 SQL Injection Vulnerability - 9.8 CVSS 3.1

CVE 2021-37832 Hotel Druid 3.0.2 SQL Injection Vulnerability. A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter. cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37832 nvd.nist