Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
9.8CVSS
9.9AI Score
0.002EPSS
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
9.8CVSS
9.9AI Score
0.002EPSS
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.
9.8CVSS
9.7AI Score
0.002EPSS