Hoteldruid - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Hoteldruid
(Digitaldruid)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	23

Date	Id	Summary	Products	Score	Patch	Annotated
2023-09-20	CVE-2023-43371	Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.	Hoteldruid	9.8
2023-09-20	CVE-2023-43373	Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.	Hoteldruid	9.8
2023-09-20	CVE-2023-43374	Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.	Hoteldruid	9.8
2023-09-20	CVE-2023-43375	Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.	Hoteldruid	9.8
2023-09-20	CVE-2023-43376	A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.	Hoteldruid	5.4
2023-09-20	CVE-2023-43377	A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.	Hoteldruid	5.4
2023-11-10	CVE-2023-47164	Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.	Hoteldruid	6.1
2019-06-07	CVE-2019-9087	HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.	Hoteldruid	9.8
2019-06-07	CVE-2019-9086	HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.	Hoteldruid	9.8
2019-06-07	CVE-2019-9084	In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).	Hoteldruid	4.9