Show filters
23 Total Results
Displaying 1-10 of 23
Sort by:
Attacker Value
Unknown
CVE-2024-23091
Disclosure Date: July 30, 2024 (last updated August 24, 2024)
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
0
Attacker Value
Unknown
CVE-2023-47164
Disclosure Date: November 10, 2023 (last updated November 17, 2023)
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
0
Attacker Value
Unknown
CVE-2023-43377
Disclosure Date: September 20, 2023 (last updated October 08, 2023)
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
0
Attacker Value
Unknown
CVE-2023-43376
Disclosure Date: September 20, 2023 (last updated October 08, 2023)
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
0
Attacker Value
Unknown
CVE-2023-43375
Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
0
Attacker Value
Unknown
CVE-2023-43374
Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
0
Attacker Value
Unknown
CVE-2023-43373
Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
0
Attacker Value
Unknown
CVE-2023-43371
Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
0
Attacker Value
Unknown
CVE-2023-34537
Disclosure Date: June 13, 2023 (last updated October 08, 2023)
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
0
Attacker Value
Unknown
CVE-2023-33817
Disclosure Date: June 13, 2023 (last updated October 08, 2023)
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
0