Vulnerabilities > Resortdata

DATE CVE VULNERABILITY TITLE RISK
2023-09-07 CVE-2023-39420 Use of Hard-coded Credentials vulnerability in Resortdata Internet Reservation Module Next Generation 5.3.2.15
The RDPCore.dll component, as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file.
network
low complexity
resortdata CWE-798
8.8
2023-09-07 CVE-2023-39421 Use of Hard-coded Credentials vulnerability in Resortdata Internet Reservation Module Next Generation 5.4.1.23
The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage.
network
low complexity
resortdata CWE-798
7.7
2023-09-07 CVE-2023-39422 Use of Hard-coded Credentials vulnerability in Resortdata Internet Reservation Module Next Generation
The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens.
network
low complexity
resortdata CWE-798
critical
9.8
2023-09-07 CVE-2023-39423 SQL Injection vulnerability in Resortdata Internet Reservation Module Next Generation 5.3.2.15
The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features.
network
low complexity
resortdata CWE-89
critical
9.1
2023-09-07 CVE-2023-39424 Unrestricted Upload of File with Dangerous Type vulnerability in Resortdata Internet Reservation Module Next Generation 5.3.2.15
A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges.
network
low complexity
resortdata CWE-434
8.8