Show filters
23 Total Results
Displaying 1-10 of 23
Sort by:
Attacker Value
Unknown

CVE-2024-23091

Disclosure Date: July 30, 2024 (last updated August 24, 2024)
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
Attacker Value
Unknown

CVE-2023-47164

Disclosure Date: November 10, 2023 (last updated November 17, 2023)
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
Attacker Value
Unknown

CVE-2023-43377

Disclosure Date: September 20, 2023 (last updated October 08, 2023)
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
Attacker Value
Unknown

CVE-2023-43376

Disclosure Date: September 20, 2023 (last updated October 08, 2023)
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
Attacker Value
Unknown

CVE-2023-43375

Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
Attacker Value
Unknown

CVE-2023-43374

Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
Attacker Value
Unknown

CVE-2023-43373

Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
Attacker Value
Unknown

CVE-2023-43371

Disclosure Date: September 20, 2023 (last updated October 08, 2023)
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
Attacker Value
Unknown

CVE-2023-34537

Disclosure Date: June 13, 2023 (last updated October 08, 2023)
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
Attacker Value
Unknown

CVE-2023-33817

Disclosure Date: June 13, 2023 (last updated October 08, 2023)
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.