CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

317 matches found

CVE-2019-25750

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS0.00366EPSS

Exploits0References4

NVD•added last week•6 views

CVE-2019-25748

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the...

8.8CVSS0.00296EPSS

Exploits0References4

EUVD•added last week•6 views

EUVD-2019-20186

8.8CVSS6.3AI score0.00366EPSS

Exploits0References4

CVE•added last week•11 views

CVE-2019-25750

CVE-2019-25750 affects Joomla component J-MultipleHotelReservation version 6.0.7. The vulnerability is an SQL injection in the hotel_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by sending crafted payloads to the search-hotels endpoint (POST) using UNION SEL...

8.8CVSS6.3AI score0.00366EPSS

Exploits0References4

Cvelist•added last week•14 views

CVE-2019-25750 Joomla J-MultipleHotelReservation 6.0.7 SQL Injection

8.8CVSS0.00366EPSS

Exploits0References4

Cvelist•added last week•29 views

CVE-2019-25748 Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels

8.8CVSS0.00296EPSS

Exploits0References4

CVE•added last week•13 views

CVE-2019-25748

CVE-2019-25748 affects Joomla JHotelReservation 6.0.7. The issue is an SQL injection in the rooms parameter of the search-hotels endpoint, allowing unauthenticated attackers to send crafted SQL payloads via POST requests to extract sensitive data (e.g., database version details). Documented CVSS:...

8.8CVSS6.3AI score0.00296EPSS

Exploits0References4

ATTACKERKB•added last week•5 views

CVE-2019-25748

8.8CVSS6.3AI score0.00296EPSS

Exploits0References4Affected Software1

EUVD•added last week•4 views

EUVD-2019-20184

8.8CVSS6.3AI score0.00296EPSS

Exploits0References4

Positive Technologies•added 2026/06/19 12:0 a.m.•12 views

PT-2026-50986

Name of the Vulnerable Software and Affected Versions Joomla Component J-MultipleHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the...

8.8CVSS6.2AI score0.00366EPSS

Exploits0References8

Positive Technologies•added 2026/06/19 12:0 a.m.•10 views

PT-2026-50964

Name of the Vulnerable Software and Affected Versions JHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'search-hotels' endpoint with malicious code injected into the roo...

8.8CVSS6.2AI score0.00296EPSS

Exploits0References8

Wired Threat Level•added 2026/05/28 10:0 a.m.•8 views

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams...

5.8AI score

Exploits0

RedhatCVE•added 2025/12/29 9:5 a.m.•8 views

CVE-2025-15127

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

7.5CVSS6.8AI score0.00407EPSS

Exploits1References1

EUVD•added 2025/12/28 9:30 a.m.•4 views

EUVD-2025-205499

7.5CVSS6.3AI score0.00407EPSS

Exploits1References5

OSV•added 2025/12/28 8:15 a.m.•7 views

CVE-2025-15127

9.8CVSS5.7AI score0.00407EPSS

Exploits1References4

NVD•added 2025/12/28 8:15 a.m.•3 views

CVE-2025-15127

9.8CVSS0.00407EPSS

Exploits1References4

CVE•added 2025/12/28 8:2 a.m.•11 views

CVE-2025-15127

CVE-2025-15127 affects FantasticLBP Hotels_Server, with the vulnerability located in /controller/api/Room.php. Manipulating the hotelId parameter can lead to a SQL injection. The issue is reported to be exploitable remotely, and public exploit details exist. Affected versions are not specified in...

9.8CVSS6.5AI score0.00407EPSS

Exploits1References4Affected Software1

Cvelist•added 2025/12/28 8:2 a.m.•24 views

CVE-2025-15127 FantasticLBP Hotels_Server Room.php sql injection

7.5CVSS0.00407EPSS

Exploits1References4

Vulnrichment•added 2025/12/28 8:2 a.m.•4 views

CVE-2025-15127 FantasticLBP Hotels_Server Room.php sql injection

7.5CVSS6.5AI score0.00407EPSS

Exploits1References4

Positive Technologies•added 2025/12/28 12:0 a.m.•4 views

PT-2025-53642

Name of the Vulnerable Software and Affected Versions FantasticLBP Hotels Server affected versions not specified Description A security issue exists in FantasticLBP Hotels Server related to the /controller/api/Room.php file. Manipulation of the hotelId argument can lead to SQL injection. This...

9.8CVSS6.7AI score0.00407EPSS

Exploits1References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by