Vulnerabilities > Digitaldruid > Hoteldruid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-30 | CVE-2024-23091 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digitaldruid Hoteldruid Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. | 7.5 |
| 2023-11-10 | CVE-2023-47164 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 6.1 |
| 2023-09-20 | CVE-2023-43371 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | 9.8 |
| 2023-09-20 | CVE-2023-43373 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | 9.8 |
| 2023-09-20 | CVE-2023-43374 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | 9.8 |
| 2023-09-20 | CVE-2023-43375 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | 9.8 |
| 2023-09-20 | CVE-2023-43376 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5 A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. | 5.4 |
| 2023-09-20 | CVE-2023-43377 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | 5.4 |
| 2023-06-13 | CVE-2023-33817 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | 8.8 |
| 2023-06-13 | CVE-2023-34537 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5 A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. | 5.4 |