14 matches found
CVE-2024-42769
CVE-2024-42769 is a reflected XSS vulnerability in Kashipara Hotel Management System v1.0. The issue affects the endpoint "/core/signup_user.php" where user_fname and user_lname are unsafely handled, allowing an attacker to inject scripts and potentially hijack user sessions through crafted input...
CVE-2024-42772
CVE-2024-42772 is a broken access control vulnerability in Kashipara Hotel Management System v1.0. An unauthenticated attacker can access /admin/rooms.php to view valid hotel room entries in the administrator interface, due to an incorrect access control check. The issue affects the administrator...
CVE-2024-42773
CVE-2024-42773 - Kashipara Hotel Management System v1.0 suffers an incorrect access control vulnerability in the admin path. The issue resides in the file /admin/edit_room_controller.php and allows an unauthenticated attacker to edit valid hotel room entries in the administrator section. The IA/i...
CVE-2023-49272
Hotel Management v1.0 is affected by multiple authenticated Reflected XSS flaws. The vulnerability stems from the children parameter in reservation.php, whose value is echoed into the HTML document as plain text. This could allow attackers who have valid access to craft inputs that are reflected ...
CVE-2024-42767
CVE-2024-42767 affects Kashipara Hotel Management System v1.0, with an Unrestricted File Upload vulnerability enabling Remote Code Execution through /admin/add_room_controller.php. Public sources consistently describe the flaw as a lack of validation of uploaded files, allowing an attacker to upl...
CVE-2024-42770
CVE-2024-42770 affects Kashipara Hotel Management System v1.0. A Stored XSS exists in /core/signup_user.php via the user_email parameter, enabling an attacker to inject scripts executed in the victim’s browser. The CVSSv3.1 base score is 4.7 (Network attack, low complexity, no privileges, user in...
CVE-2024-42771
CVE-2024-42771 affects Kashipara Hotel Management System v1.0, specifically the /admin/edit_room_controller.php endpoint. The vulnerability is Stored XSS via the room_name parameter, allowing remote attackers to inject and execute arbitrary scripts in the context of the affected web application. ...
CVE-2024-42774
CVE-2024-42774 affects Kashipara Hotel Management System v1.0. The issue is an Incorrect Access Control in the admin endpoint “/admin/delete_room.php” that allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. Multiple sources corroborate the vulnerab...
CVE-2024-42768
CVE-2024-42768 relates to a Cross-Site Request Forgery affecting Kashipara Hotel Management System v1.0, exploitable via the admin/delete_room.php endpoint. The connected sources confirm the issue and its existence but do not provide concrete details on root cause beyond CSRF and do not specify v...
CVE-2024-42776
Kashipara Hotel Management System v1.0 is affected by an Incorrect Access Control vulnerability exploitable via /admin/users.php. The CVE describes unauthorized access with network attack vector, requiring high privileges, and with no user interaction, potentially impacting confidentiality, integ...
CVE-2024-42775
The CVE concerns Kashipara Hotel Management System v1.0, where an Incorrect Access Control flaw in /admin/add_room_controller.php allows an unauthenticated attacker to add valid hotel room entries via direct URL access. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, CNVDCN, CN...
CVE-2023-49269
CVE-2023-49269 affects Hotel Management v1.0. The vulnerability is an authenticated Reflected Cross-Site Scripting (XSS) in the adults parameter of reservation.php, where input is echoed unmodified in the HTML response and copied into the page between tags. Affected component: reservation.php in ...
CVE-2023-49270
Affected product/versions: Hotel Management v1.0. Vulnerability type: Authenticated Reflected Cross-Site Scripting (XSS). The vulnerability arises because the check_in_date parameter in reservation.php is echoed into the HTML response as plain text between tags, allowing injection of arbitrary HT...
CVE-2023-49271
CVE-2023-49271 affects Hotel Management v1.0. The vulnerability is a set of authenticated Reflected Cross-Site Scripting (XSS) flaws in reservation.php where the check_out_date parameter is copied into the HTML as plaintext and any input is echoed back in the response. Affected component is the r...