32 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-55816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting XSS in the /modificaapp.php file. CVE-2025-55816 Note that Nessus relies on the presence of t...
EUVD-2023-51298
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-9085
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service invoice-creation outage via the nfile parameter to visualizzacontratto.p...
Linux Distros Unpatched Vulnerability : CVE-2019-9084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Hoteldruid before 2.3.1, a division by zero was discovered in $numtabelle in tabtariffe.php aka the numtariffa1 parameter due to the mishandling of non-numer...
Linux Distros Unpatched Vulnerability : CVE-2025-44203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending...
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
CVE-2025-44203
HotelDruid 3.0.7 is affected. An unauthenticated attacker can trigger information disclosure by causing verbose SQL error messages in creadb.php before pressing the 'create database' button. Malformed POST requests to the endpoint may reveal administrator credentials: username, password hash, and...
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
Exploit for Uncontrolled Resource Consumption in Digitaldruid Hoteldruid
CVE-2025-44203 HotelDruid 3.0.0 / 3.0.7 Sensitive Information...
CVE-2023-43374
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...
CVE-2019-9084
In Hoteldruid before 2.3.1, a division by zero was discovered in $numtabelle in tabtariffe.php aka the numtariffa1 parameter due to the mishandling of non-numeric values, as demonstrated by the /tabtariffe.php?anno=YEAR&numtariffa1;=1a URI. It could allow an administrator to conduct remote denial...
CVE-2019-9085
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service invoice-creation outage via the nfile parameter to visualizzacontratto.php with invalid arguments any non-numeric value, as demonstrated by the anno=2019transazione=1№contratto=1file=a query string to...
CVE-2023-43378
A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...
CVE-2023-43378
A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...
CVE-2025-25747
CVE-2025-25747: A Cross Site Scripting vulnerability in DigitalDruid HotelDruid v3.0.7 allows an attacker to execute arbitrary code and disclose sensitive information via the ripristina_backup parameter in crea_backup.php. Root cause details are not provided beyond the parameter abuse; the provid...
CVE-2025-25749
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies...
PT-2025-10459 · Unknown +1 · Hoteldruid +1
Name of the Vulnerable Software and Affected Versions: HotelDruid versions 3.0.7 and earlier Description: The issue allows users to set weak passwords due to the lack of enforcement of password strength policies. Recommendations: For HotelDruid versions 3.0.7 and earlier, consider implementing a...
CVE-2023-47164
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...