Hotel Management
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-42559 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 20, 2024 | An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password. |
| CVE-2024-42558 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 20, 2024 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php. |
| CVE-2024-42556 | | Cri | 0.64 | 9.8 | 0.01 | | Aug 20, 2024 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php. |
| CVE-2022-28110 | | Cri | 0.64 | 9.8 | 0.01 | | May 10, 2022 | Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. |
| CVE-2024-42557 | | Hig | 0.57 | 8.8 | 0.00 | | Aug 20, 2024 | A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. |
| CVE-2024-42555 | | Hig | 0.57 | 8.8 | 0.00 | | Aug 20, 2024 | A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. |
| CVE-2024-42554 | | Hig | 0.57 | 8.8 | 0.01 | | Aug 20, 2024 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php. |
| CVE-2024-42553 | | Hig | 0.57 | 8.8 | 0.00 | | Aug 20, 2024 | A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges. |
| CVE-2024-42552 | | Hig | 0.56 | 8.6 | 0.01 | | Aug 20, 2024 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php. |
| CVE-2023-49272 | | Med | 0.35 | 5.4 | 0.00 | | Dec 20, 2023 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in… |
| CVE-2023-49271 | | Med | 0.35 | 5.4 | 0.00 | | Dec 20, 2023 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in… |
| CVE-2023-49270 | | Med | 0.35 | 5.4 | 0.00 | | Dec 20, 2023 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in… |
| CVE-2023-49269 | | Med | 0.35 | 5.4 | 0.00 | | Dec 20, 2023 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in… |