Vulnerabilities (CVE)

Filtered by vendor Hotels Server Project Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33948 1 Hotels Server Project 1 Hotels Server 2024-11-21 N/A 9.8 CRITICAL
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.
CVE-2020-18102 1 Hotels Server Project 1 Hotels Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
CVE-2019-8393 1 Hotels Server Project 1 Hotels Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
CVE-2019-7648 1 Hotels Server Project 1 Hotels Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
CVE-2019-6497 1 Hotels Server Project 1 Hotels Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.