Vulnerabilities > Hotels Server Project > Hotels Server > 2018.11.05

DATE CVE VULNERABILITY TITLE RISK
2019-02-17 CVE-2019-8393 SQL Injection vulnerability in Hotels Server Project Hotels Server 1.0/20181105
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
network
low complexity
hotels-server-project CWE-89
critical
 9.8
9.8
2019-02-08 CVE-2019-7648 Inadequate Encryption Strength vulnerability in Hotels Server Project Hotels Server 1.0/20181105
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
network
low complexity
hotels-server-project CWE-326
7.5
7.5
2019-01-20 CVE-2019-6497 SQL Injection vulnerability in Hotels Server Project Hotels Server 1.0/20181105
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
network
low complexity
hotels-server-project CWE-89
critical
 9.8
9.8