Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Hotel Management System Project Security Vulnerabilities

cve
cve

CVE-2021-41651

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.

7.5CVSS

7.7AI Score

0.002EPSS

2021-10-04 07:15 PM
21
cve
cve

CVE-2022-2291

A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input "><script>alert("XSS")</script...

5.4CVSS

5.2AI Score

0.001EPSS

2022-07-12 03:15 PM
26
8
cve
cve

CVE-2022-2292

A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>aler...

5.4CVSS

5.2AI Score

0.001EPSS

2022-07-12 03:15 PM
27
8
cve
cve

CVE-2022-27475

Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.

6.1CVSS

6.2AI Score

0.001EPSS

2022-04-13 12:15 PM
34
cve
cve

CVE-2022-28110

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.

9.8CVSS

9.8AI Score

0.002EPSS

2022-05-10 12:15 PM
40
cve
cve

CVE-2022-36254

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".

5.4CVSS

5.4AI Score

0.001EPSS

2022-09-12 04:15 AM
29
3
cve
cve

CVE-2022-48090

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.

6.5CVSS

6.9AI Score

0.001EPSS

2023-01-13 07:15 PM
17
cve
cve

CVE-2022-48091

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-13 07:15 PM
20
cve
cve

CVE-2024-25314

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.

9.8CVSS

9.8AI Score

0.001EPSS

2024-02-09 02:15 PM
14
cve
cve

CVE-2024-25315

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.

9.8CVSS

9.8AI Score

0.001EPSS

2024-02-09 02:15 PM
10
cve
cve

CVE-2024-25316

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.

9.8CVSS

9.8AI Score

0.001EPSS

2024-02-09 02:15 PM
31
cve
cve

CVE-2024-25318

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.

8.8CVSS

9.1AI Score

0.001EPSS

2024-02-09 02:15 PM
10