Hotels Server Security Vulnerabilities and Issues — Hotels Server CVE List

Lucene search

Hotels Server ProjectHotels Server

5 matches found

CVE•added 2021/05/10 8:15 p.m.•39 views

CVE-2020-18102

Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".

6.1CVSS6.3AI score0.00418EPSS

CVE•added 2019/01/20 8:29 p.m.•34 views

CVE-2019-6497

Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.

9.8CVSS9.9AI score0.00245EPSS

CVE•added 2019/02/17 3:29 p.m.•29 views

CVE-2019-8393

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.

9.8CVSS9.9AI score0.00264EPSS

CVE•added 2023/02/17 6:15 p.m.•28 views

CVE-2021-33948

SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.

9.8CVSS9.7AI score0.00072EPSS

CVE•added 2019/02/08 5:29 p.m.•25 views

CVE-2019-7648

controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.

7.5CVSS7.6AI score0.00148EPSS