Hotel Management System Security Vulnerabilities and Issues — Hotel Management System CVE List

Lucene search

Hotel Management System ProjectHotel Management System

13 matches found

CVE•added 2024/02/09 2:15 p.m.•65 views

CVE-2024-25316

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.

9.8CVSS9.8AI score0.00176EPSS

CVE•added 2022/04/13 12:15 p.m.•54 views

CVE-2022-27475

Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.

6.1CVSS6.2AI score0.00376EPSS

CVE•added 2022/05/10 12:15 p.m.•52 views

CVE-2022-28110

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.

9.8CVSS9.8AI score0.00291EPSS

CVE•added 2022/07/12 3:15 p.m.•48 views

CVE-2022-2292

A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "> leads to cross si...

5.4CVSS4.4AI score0.00195EPSS

CVE•added 2022/07/12 3:15 p.m.•47 views

CVE-2022-2291

A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input "> leads to cross site scripting. The a...

5.4CVSS4.7AI score0.00228EPSS

CVE•added 2022/09/12 4:15 a.m.•43 views

CVE-2022-36254

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".

5.4CVSS5.4AI score0.00068EPSS

CVE•added 2021/10/04 7:15 p.m.•36 views

CVE-2021-41651

A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.

7.5CVSS7.7AI score0.06322EPSS

CVE•added 2024/08/20 1:15 p.m.•36 views

CVE-2024-42559

An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.

9.8CVSS6.9AI score0.00198EPSS

CVE•added 2024/02/09 2:15 p.m.•34 views

CVE-2024-25314

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.

9.8CVSS9.8AI score0.00176EPSS

CVE•added 2023/01/13 7:15 p.m.•33 views

CVE-2022-48090

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.

6.5CVSS6.9AI score0.00058EPSS

CVE•added 2023/01/13 7:15 p.m.•33 views

CVE-2022-48091

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.

5.4CVSS5.3AI score0.00092EPSS

CVE•added 2024/02/09 2:15 p.m.•32 views

CVE-2024-25318

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.

8.8CVSS9.1AI score0.00176EPSS

CVE•added 2024/02/09 2:15 p.m.•29 views

CVE-2024-25315

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.

9.8CVSS9.8AI score0.00176EPSS