Hotel Management System Security Vulnerabilities and Issues — Hotel Management System CVE List

Lucene search

JayeshHotel Management System

10 matches found

CVE•added 2024/08/22 4:15 p.m.•51 views

CVE-2024-42769

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters.

6.1CVSS6.6AI score0.00157EPSS

CVE•added 2024/08/22 6:15 p.m.•44 views

CVE-2024-42773

An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.

9.1CVSS7AI score0.00262EPSS

CVE•added 2024/08/22 6:15 p.m.•38 views

CVE-2024-42767

Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.

7.2CVSS6.9AI score0.00157EPSS

CVE•added 2024/08/22 4:15 p.m.•38 views

CVE-2024-42770

A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.

4.7CVSS6.4AI score0.00165EPSS

CVE•added 2024/08/22 5:15 p.m.•37 views

CVE-2024-42772

An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.

7.5CVSS6.8AI score0.00277EPSS

CVE•added 2024/08/22 5:15 p.m.•36 views

CVE-2024-42768

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.

6.8CVSS7AI score0.00046EPSS

CVE•added 2024/08/22 4:15 p.m.•36 views

CVE-2024-42771

A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.

4.8CVSS6.5AI score0.00148EPSS

CVE•added 2024/08/22 5:15 p.m.•36 views

CVE-2024-42776

Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.

7.2CVSS6.8AI score0.00199EPSS

CVE•added 2024/08/22 5:15 p.m.•35 views

CVE-2024-42774

An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.

7.5CVSS6.9AI score0.00218EPSS

CVE•added 2024/08/22 5:15 p.m.•31 views

CVE-2024-42775

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.

9.1CVSS6.7AI score0.00262EPSS