Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in...
8.8CVSS
9.1AI Score
0.001EPSS
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in...
9.8CVSS
9.8AI Score
0.001EPSS
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in...
9.8CVSS
9.8AI Score
0.001EPSS
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in...
9.8CVSS
9.8AI Score
0.001EPSS
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's...
5.4CVSS
5.4AI Score
0.0004EPSS
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's...
5.4CVSS
5.4AI Score
0.0004EPSS
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's...
5.4CVSS
5.4AI Score
0.0004EPSS
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's...
5.4CVSS
5.4AI Score
0.0004EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.This issue affects Hotel Management System: before...
9.8CVSS
9.7AI Score
0.001EPSS
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection...
6.1CVSS
6.5AI Score
0.001EPSS
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind...
9.8CVSS
9.9AI Score
0.001EPSS
A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input...
6.1CVSS
6.1AI Score
0.001EPSS
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via...
5.4CVSS
5.3AI Score
0.001EPSS
6.5CVSS
6.9AI Score
0.001EPSS
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as...
5.4CVSS
5.4AI Score
0.001EPSS
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to...
8.8CVSS
8.9AI Score
0.001EPSS
A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
9.8CVSS
9.8AI Score
0.002EPSS
A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to.....
9.8CVSS
9.7AI Score
0.005EPSS
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input ">alert("XSS") leads...
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input ">alert("XSS") leads to cross site...
5.4CVSS
5.2AI Score
0.001EPSS
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login...
9.8CVSS
9.8AI Score
0.002EPSS
Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to upload and execute dangerous file types (e.g. PHP shell) via the signature upload on the booking...
9.8CVSS
9.5AI Score
0.002EPSS
Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 on WordPress allows attackers to get the booking data by guessing / brute-forcing easy predictable booking IDs via search POST...
5.3CVSS
5.2AI Score
0.001EPSS
Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is...
6.1CVSS
6.2AI Score
0.001EPSS
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in...
7.5CVSS
7.7AI Score
0.002EPSS
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax...
9.8CVSS
10AI Score
0.002EPSS
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax...
9.8CVSS
10AI Score
0.002EPSS