Fantasticlbp
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15127 | | High | 0.47 | 7.3 | 0.00 | | Dec 28, 2025 | A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection.… |
| CVE-2025-14711 | | High | 0.47 | 7.3 | 0.00 | | Dec 15, 2025 | A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is… |
| CVE-2025-14710 | | High | 0.47 | 7.3 | 0.00 | | Dec 15, 2025 | A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed… |
| CVE-2025-13208 | | Medium | 0.41 | 6.3 | 0.00 | | Nov 15, 2025 | A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in sql injection.… |
| CVE-2021-33948 | | | 0.00 | — | 0.01 | | Feb 17, 2023 | SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. |
| CVE-2020-18102 | | | 0.00 | — | 0.01 | | May 10, 2021 | Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php". |
| CVE-2019-8393 | | | 0.00 | — | 0.01 | | Feb 17, 2019 | Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. |
| CVE-2019-7648 | | | 0.00 | — | 0.01 | | Feb 8, 2019 | controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. |
| CVE-2019-6497 | | | 0.00 | — | 0.01 | | Jan 19, 2019 | Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. |