Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hoteldruid
(Digitaldruid)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 23 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-06-13 | CVE-2023-33817 | hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | Hoteldruid | 8.8 | ||
2022-09-16 | CVE-2021-42948 | HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. | Hoteldruid | 3.7 | ||
2022-04-26 | CVE-2022-26564 | HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. | Hoteldruid | 6.1 | ||
2022-03-03 | CVE-2022-22909 | HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | Hoteldruid | 8.8 | ||
2021-08-26 | CVE-2021-38559 | DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. | Hoteldruid | 6.1 | ||
2021-08-03 | CVE-2021-37832 | A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter. | Hoteldruid | 9.8 | ||
2021-08-03 | CVE-2021-37833 | A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. | Hoteldruid | 6.1 | ||
2019-06-07 | CVE-2019-9087 | HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. | Hoteldruid | 9.8 | ||
2019-06-07 | CVE-2019-9086 | HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | Hoteldruid | 9.8 | ||
2019-06-07 | CVE-2019-9084 | In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product). | Hoteldruid | 4.9 |