Vulnerabilities > Digitaldruid > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-30 CVE-2024-23091 Use of Password Hash With Insufficient Computational Effort vulnerability in Digitaldruid Hoteldruid
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.
network
low complexity
digitaldruid CWE-916
7.5
7.5
2023-06-13 CVE-2023-33817 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
network
low complexity
digitaldruid CWE-89
8.8
8.8
2022-03-03 CVE-2022-22909 Code Injection vulnerability in Digitaldruid Hoteldruid 3.0.3
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
network
low complexity
digitaldruid CWE-94
8.8
8.8