VYPR
Vendor: Fantasticlbp

Products: 1
CVEs: 9
Across products: 9
Status: Private

Products (1)

Recent CVEs (9)
  • CVE-2025-15127 (High), Dec 28, 2025
    risk 0.47, cvss 7.3, epss 0.00

    A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to SQL injection.…

  • CVE-2025-14711 (High), Dec 15, 2025
    risk 0.47, cvss 7.3, epss 0.00

    A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes SQL injection. The attack is…

  • CVE-2025-14710 (High), Dec 15, 2025
    risk 0.47, cvss 7.3, epss 0.00

    A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in SQL injection. The attack can be executed…

  • CVE-2025-13208 (Medium), Nov 15, 2025
    risk 0.41, cvss 6.3, epss 0.00

    A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in SQL injection.…

  • CVE-2021-33948, Feb 17, 2023
    risk 0.00, cvss n/a, epss 0.01

    SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows an attacker to execute arbitrary code via the username parameter.

  • CVE-2020-18102, May 10, 2021
    risk 0.00, cvss n/a, epss 0.01

    Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands into the data fields in the component "/controller/publishHotel.php".

  • CVE-2019-8393, Feb 17, 2019
    risk 0.00, cvss n/a, epss 0.01

    Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.

  • CVE-2019-7648, Feb 8, 2019
    risk 0.00, cvss n/a, epss 0.01

    controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.

  • CVE-2019-6497, Jan 19, 2019
    risk 0.00, cvss n/a, epss 0.01

    Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.