Vulnerabilities > Resortdata > Internet Reservation Module Next Generation > 5.3.2.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-07 | CVE-2023-39420 | Unspecified vulnerability in Resortdata Internet Reservation Module Next Generation 5.3.2.15 The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. | 8.8 |
| 2023-09-07 | CVE-2023-39423 | Unspecified vulnerability in Resortdata Internet Reservation Module Next Generation 5.3.2.15 The RDPData.dll file exposes the /irmdata/api/common endpoint that handles session IDs, among other features. | 9.1 |
| 2023-09-07 | CVE-2023-39424 | Unrestricted Upload of File with Dangerous Type vulnerability in Resortdata Internet Reservation Module Next Generation 5.3.2.15 A vulnerability in RDPngFileUpload.dll, as used in the IRM Next Generation booking system, allows a remote attacker to upload arbitrary content (such as a web shell component) to the SQL database and execute it with SYSTEM privileges. | 8.8 |