SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username...
9.8CVSS
9.7AI Score
0.002EPSS
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username...
9.8CVSS
9.9AI Score
0.002EPSS
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component...
6.1CVSS
6.3AI Score
0.003EPSS
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response...
6.5CVSS
6.5AI Score
0.001EPSS
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is...
9.8CVSS
9.9AI Score
0.002EPSS
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password...
7.5CVSS
7.6AI Score
0.006EPSS