14 matches found
EUVD-2020-10031
Malware in sbrugna...
CVE-2019-6497
HotelsServer through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter...
CVE-2020-18102
Cross Site Scripting (XSS) in HotelsServer v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands into the data fields in the component "/controller/publishHotel.php"...
CVE-2020-18102
Hotels_Server v1.0 contains a Cross Site Scripting (XSS) vulnerability allowing remote code execution by injecting crafted commands into data fields of the /controller/publishHotel.php component. The root cause is improper input handling in those fields. This is reported across NVD, Red Hat, PRIO...
SQL injection
HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...
CVE-2019-8393
HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...
CVE-2019-8393
The CVE-2019-8393 entry describes a SQL injection in Hotels_Server (up to 2018-11-05) via the API, caused by mishandling of the telephone parameter in controller/api/login.php. Relevant details from the connected data indicate the vulnerability affects the API layer, with potential impact across ...
CVE-2019-8393
HotelsServer through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled...
CVE-2019-7648
controller/fetchpwd.php and controller/doAction.php in HotelsServer through 2018-11-05 rely on base64 in an attempt to protect password storage...
CVE-2019-7648
CVE-2019-7648 affects Hotels_Server up to 2018-11-05, where controller/fetchpwd.php and controller/doAction.php rely on base64 to protect passwords. The impact is described as insufficient confidentiality protection (base64 is not a crypto safeguard), with CVSSv3 vector: NETWORK, LOW attack compl...
CVE-2019-7648
controller/fetchpwd.php and controller/doAction.php in HotelsServer through 2018-11-05 rely on base64 in an attempt to protect password storage...
SQL injection
HotelsServer through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter...
CVE-2019-6497
HotelsServer through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter...
CVE-2019-6497
Technical details about CVE-2019-6497 are not publicly provided in the supplied documents. Monitor for updates from vendors and CERT/NSCs for affected products, versions, and fix information.