EUVD-2025-18763

Malicious code in bioql PyPI...

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...

PT-2025-26429 · Unknown +1 · Hoteldruid +1

Name of the Vulnerable Software and Affected Versions: HotelDruid version 3.0.7 Description: The issue allows an unauthenticated attacker to exploit verbose SQL error messages on the "creadb.php" endpoint before the 'create database' button is pressed. By sending malformed POST requests to this...

CVE-2025-44203

HotelDruid 3.0.7 is affected. An unauthenticated attacker can trigger information disclosure by causing verbose SQL error messages in creadb.php before pressing the 'create database' button. Malformed POST requests to the endpoint may reveal administrator credentials: username, password hash, and...