6 matches found
VulnCheck KEV: CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
Exploit for SQL Injection in Thimpress Wp_Hotel_Booking
CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL...
PT-2024-30143 · Unknown · Kashipara Hotel Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: An Incorrect Access Control issue was found in the /admin/rooms.php endpoint, allowing an unauthenticated attacker to view valid hotel room entries in the administrator section. This...
CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
PT-2024-26863
Name of the Vulnerable Software and Affected Versions: WP Hotel Booking plugin for WordPress versions up to, and including, 2.1.0 Description: The issue allows for SQL Injection via the room type parameter of the "/wphb/v1/rooms/search-rooms" REST API endpoint due to insufficient escaping on the...
PT-2023-31447 · Unknown · Hotel Booking Management
Name of the Vulnerable Software and Affected Versions: Hotel Booking Management version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the npss parameter at the "rooms.php" endpoint. Recommendations: For Hotel Booking Management...