Vulnerabilities > Digitaldruid > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-43371 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | 9.8 |
| 2023-09-20 | CVE-2023-43373 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | 9.8 |
| 2023-09-20 | CVE-2023-43374 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | 9.8 |
| 2023-09-20 | CVE-2023-43375 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | 9.8 |
| 2022-09-16 | CVE-2021-42949 | Improper Authentication vulnerability in Digitaldruid Hoteldruid 3.0.3 The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. | 9.8 |
| 2021-08-03 | CVE-2021-37832 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.2 A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. | 9.8 |
| 2019-06-07 | CVE-2019-9087 | SQL Injection vulnerability in Digitaldruid Hoteldruid HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. | 9.8 |
| 2019-06-07 | CVE-2019-9086 | SQL Injection vulnerability in Digitaldruid Hoteldruid HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. | 9.8 |
| 2018-12-20 | CVE-2018-1000871 | SQL Injection vulnerability in Digitaldruid Hoteldruid HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. | 9.8 |