VYPR
Vendor

Hotel Management

Products
1
CVEs
13
Across products
13
Status
Private

Products

1

Recent CVEs

13
  • CVE-2024-42559CriAug 20, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.

  • CVE-2024-42558CriAug 20, 2024
    risk 0.64cvss 9.8epss 0.01

    Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_modify_room.php.

  • CVE-2024-42556CriAug 20, 2024
    risk 0.64cvss 9.8epss 0.01

    Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.

  • CVE-2022-28110CriMay 10, 2022
    risk 0.64cvss 9.8epss 0.01

    Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.

  • CVE-2024-42557HigAug 20, 2024
    risk 0.57cvss 8.8epss 0.00

    A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.

  • CVE-2024-42555HigAug 20, 2024
    risk 0.57cvss 8.8epss 0.00

    A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.

  • CVE-2024-42554HigAug 20, 2024
    risk 0.57cvss 8.8epss 0.01

    Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.

  • CVE-2024-42553HigAug 20, 2024
    risk 0.57cvss 8.8epss 0.00

    A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.

  • CVE-2024-42552HigAug 20, 2024
    risk 0.56cvss 8.6epss 0.01

    Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter at admin_room_history.php.

  • CVE-2023-49272MedDec 20, 2023
    risk 0.35cvss 5.4epss 0.00

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in…

  • CVE-2023-49271MedDec 20, 2023
    risk 0.35cvss 5.4epss 0.00

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in…

  • CVE-2023-49270MedDec 20, 2023
    risk 0.35cvss 5.4epss 0.00

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in…

  • CVE-2023-49269MedDec 20, 2023
    risk 0.35cvss 5.4epss 0.00

    Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in…