Vulnerabilities > Digitaldruid > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-07-30 | CVE-2024-23091 | Use of Password Hash With Insufficient Computational Effort vulnerability in Digitaldruid Hoteldruid | Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. | network | low complexity | digitaldruid | CWE-916 | 7.5 |
| 2023-06-13 | CVE-2023-33817 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 | HotelDruid v3.0.5 was discovered to contain a SQL injection vulnerability. | network | low complexity | digitaldruid | CWE-89 | 8.8 |
| 2021-08-03 | CVE-2021-37832 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.2 | A SQL injection vulnerability exists in version 3.0.2 of HotelDruid when SQLite is being used as the application database. | network | low complexity | digitaldruid | CWE-89 | 7.5 |
| 2019-06-07 | CVE-2019-9087 | SQL Injection vulnerability in Digitaldruid Hoteldruid | HotelDruid before v2.3.1 has SQL injection via the /tab_tariffe.php numtariffa1 parameter. | network | low complexity | digitaldruid | CWE-89 | 7.5 |
| 2019-06-07 | CVE-2019-9086 | SQL Injection vulnerability in Digitaldruid Hoteldruid | HotelDruid before v2.3.1 has SQL injection via the /visualizza_tabelle.php anno parameter. | network | low complexity | digitaldruid | CWE-89 | 7.5 |
| 2018-12-20 | CVE-2018-1000871 | SQL Injection vulnerability in Digitaldruid Hoteldruid | HotelDruid version 2.3.0 and earlier contains a SQL injection vulnerability in the "id_utente_mod" parameter in the gestione_utenti.php file that can result in an attacker dumping all the database records of the backend web server. | network | low complexity | digitaldruid | CWE-89 | 7.5 |