Vulnerabilities > Digitaldruid > Hoteldruid > 2.1.3

DATE CVE VULNERABILITY TITLE RISK
2023-11-10 CVE-2023-47164 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
network
low complexity
digitaldruid CWE-79
6.1
6.1
2022-09-16 CVE-2021-42948 Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
network
high complexity
digitaldruid CWE-319
3.7
3.7
2019-06-24 CVE-2019-9085 Improper Input Validation vulnerability in Digitaldruid Hoteldruid
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.
network
low complexity
digitaldruid CWE-20
6.5
6.5
2019-06-07 CVE-2019-9087 SQL Injection vulnerability in Digitaldruid Hoteldruid
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.
network
low complexity
digitaldruid CWE-89
critical
 9.8
9.8
2019-06-07 CVE-2019-9086 SQL Injection vulnerability in Digitaldruid Hoteldruid
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.
network
low complexity
digitaldruid CWE-89
critical
 9.8
9.8
2019-06-07 CVE-2019-9084 Divide By Zero vulnerability in Digitaldruid Hoteldruid
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI.
network
low complexity
digitaldruid CWE-369
4.9
4.9
2018-12-20 CVE-2018-1000871 SQL Injection vulnerability in Digitaldruid Hoteldruid
HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver.
network
low complexity
digitaldruid CWE-89
critical
 9.8
9.8