Lucene search

Hotels Security Vulnerabilities

cve

CVE-2021-33948

SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username...

9.8CVSS

9.7AI Score

0.002EPSS

2023-02-17 06:15 PM

cve

CVE-2019-6497

Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username...

9.8CVSS

9.9AI Score

0.002EPSS

2022-10-03 04:19 PM

cve

CVE-2020-18102

Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component...

6.1CVSS

6.3AI Score

0.003EPSS

2021-05-10 08:15 PM

cve

CVE-2020-6858

Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response...

6.5CVSS

6.5AI Score

0.001EPSS

2020-03-12 02:15 PM

cve

CVE-2019-8393

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is...

9.8CVSS

9.9AI Score

0.002EPSS

2019-02-17 03:29 PM

cve

CVE-2019-7648

controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password...

7.5CVSS

7.6AI Score

0.006EPSS

2019-02-08 05:29 PM