Vulnerabilities > Digitaldruid

DATE CVE VULNERABILITY TITLE RISK
2024-07-30 CVE-2024-23091 Use of Password Hash With Insufficient Computational Effort vulnerability in Digitaldruid Hoteldruid
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
network
low complexity
digitaldruid CWE-916
7.5
2023-11-10 CVE-2023-47164 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
network
low complexity
digitaldruid CWE-79
6.1
2023-09-20 CVE-2023-43371 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
network
low complexity
digitaldruid CWE-89
critical
9.8
2023-09-20 CVE-2023-43373 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
network
low complexity
digitaldruid CWE-89
critical
9.8
2023-09-20 CVE-2023-43374 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
network
low complexity
digitaldruid CWE-89
critical
9.8
2023-09-20 CVE-2023-43375 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
network
low complexity
digitaldruid CWE-89
critical
9.8
2023-09-20 CVE-2023-43376 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
network
low complexity
digitaldruid CWE-79
5.4
2023-09-20 CVE-2023-43377 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
network
low complexity
digitaldruid CWE-89
5.4
2023-06-13 CVE-2023-33817 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
network
low complexity
digitaldruid CWE-89
8.8
2023-06-13 CVE-2023-34537 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
network
low complexity
digitaldruid CWE-79
5.4