Vulnerabilities > CVE-2019-9084 - Divide By Zero vulnerability in Digitaldruid Hoteldruid

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

digitaldruid

CWE-369

NVD

Published: 2019-06-07

Updated: 2019-07-01

Summary

In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).

Vulnerable Configurations

Part	Description	Count
Application	Digitaldruid Digitaldruid Hoteldruid 1.3.2 Digitaldruid Hoteldruid 2.0.0 Digitaldruid Hoteldruid 2.0.1 Digitaldruid Hoteldruid 2.0.2 Digitaldruid Hoteldruid 2.0.3 Digitaldruid Hoteldruid 2.1 Digitaldruid Hoteldruid 2.1.1 Digitaldruid Hoteldruid 2.1.2 Digitaldruid Hoteldruid 2.1.3 Digitaldruid Hoteldruid 2.1.4 Digitaldruid Hoteldruid 2.2 Digitaldruid Hoteldruid 2.2.1 Digitaldruid Hoteldruid 2.2.2 Digitaldruid Hoteldruid 2.2.3 Digitaldruid Hoteldruid 2.2.4 Digitaldruid Hoteldruid 2.3	16

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References