pkg:Debian/hoteldruid
共 32 筆 CVECRITICAL9HIGH6MEDIUM14LOW1
✅ 檢查你的版本
所有已知漏洞
- CRITICAL9.8CVE-2023-43375Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscad…from 0
- CRITICAL9.8CVE-2023-43374Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.from 0
- CRITICAL9.8CVE-2023-43373Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.ph…from 0
- CRITICAL9.8CVE-2023-43371Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.from 0
- CRITICAL9.8CVE-2021-42949The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attac…from 0
- CRITICAL9.8CVE-2021-37832A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database.from 0
- CRITICAL9.8CVE-2019-9087HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.from 0, < 2.3.2-1
- CRITICAL9.8CVE-2019-9086HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.from 0, < 2.3.2-1
- CRITICAL9.8CVE-2018-1000871HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utent…from 0, < 2.3.0-2
- from 0
- HIGH8.8CVE-2022-22909HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a craf…from 0
- HIGH7.5CVE-2025-44203In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button i…from 0
- HIGH7.5CVE-2024-23091Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.from 0
- HIGH7.3CVE-2025-25748A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modify…from 0
- HIGH7.1CVE-2025-25749An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength pol…from 0
- MEDIUM6.5CVE-2019-9085Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter…from 0, < 2.3.2-1
- MEDIUM6.1CVE-2025-55816HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.from 0
- MEDIUM6.1CVE-2023-43378A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted pay…from 0
- MEDIUM6.1CVE-2023-47164Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script…from 0
- MEDIUM6.1CVE-2022-26564HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creapre…from 0
- MEDIUM6.1CVE-2021-38559DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.from 0
- MEDIUM6.1CVE-2021-37833A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows f…from 0
- MEDIUM6.1CVE-2019-8937HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personaliz…from 0, < 2.3.2-1
- MEDIUM5.4CVE-2025-25747Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive inf…from 0
- MEDIUM5.4CVE-2023-43377A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitra…from 0
- MEDIUM5.4CVE-2023-43376A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web script…from 0
- MEDIUM5.4CVE-2023-34537A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to…from 0
- MEDIUM5.4CVE-2023-29839A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution o…from 0
- MEDIUM4.9CVE-2019-9084In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the…from 0, < 2.3.2-1
- LOW3.7CVE-2021-42948HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, a…from 0
- from 0
- from 0