Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hoteldruid
(Digitaldruid)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-20 | CVE-2023-43371 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | Hoteldruid | 9.8 | ||
| 2023-09-20 | CVE-2023-43373 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | Hoteldruid | 9.8 | ||
| 2023-09-20 | CVE-2023-43374 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | Hoteldruid | 9.8 | ||
| 2023-09-20 | CVE-2023-43375 | Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | Hoteldruid | 9.8 | ||
| 2023-09-20 | CVE-2023-43376 | A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. | Hoteldruid | 5.4 | ||
| 2023-09-20 | CVE-2023-43377 | A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | Hoteldruid | 5.4 | ||
| 2024-07-30 | CVE-2024-23091 | Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. | Hoteldruid | 7.5 | ||
| 2023-11-10 | CVE-2023-47164 | Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | Hoteldruid | 6.1 | ||
| 2022-09-16 | CVE-2021-42949 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. | Hoteldruid | 9.8 | ||
| 2023-06-13 | CVE-2023-34537 | A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. | Hoteldruid | 5.4 |