📦 Hoteldruid

by Digitaldruid

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2023-43374

CRITICAL CVSS 9.8 Sep 20, 2023

This SQL injection vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary SQL commands via the id_utente_log parameter in the personalizza.php endpoint. This affects all systems runn...

CVE-2023-43371

CRITICAL CVSS 9.8 Sep 20, 2023

CVE-2023-43371 is a critical SQL injection vulnerability in Hoteldruid v3.0.5 that allows attackers to execute arbitrary SQL commands via the numcaselle parameter in the creaprezzi.php endpoint. This ...

CVE-2021-37832

CRITICAL CVSS 9.8 Aug 3, 2021

CVE-2021-37832 is a critical SQL injection vulnerability in Hotel Druid 3.0.2 when using a SQLite database. Attackers can execute arbitrary SQL commands through the idappartamenti parameter, potentially...

CVE-2025-44203

HIGH CVSS 7.5 Jun 20, 2025

An unauthenticated attacker can exploit verbose SQL error messages in HotelDruid 3.0.7 to extract administrator credentials (username, password hash, and salt) via malformed POST requests to creadb.ph...

CVE-2022-22909

HIGH CVSS 8.8 Mar 3, 2022

HotelDruid v3.0.3 contains a remote code execution vulnerability where attackers can inject malicious payloads into the 'name' field when creating new rooms. This allows arbitrary code execution on th...

CVE-2025-55816

MEDIUM CVSS 6.1 Dec 11, 2025

HotelDruid v3.0.7 and earlier contains a cross-site scripting (XSS) vulnerability in the /modifica_app.php file. This allows attackers to inject malicious scripts that execute in users' browsers when ...