CVE-2021-42948

Published: Sep 16, 2022Modified: Nov 21, 2024

3.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

Affected (1)

Products: Digitaldruid: Hoteldruid

Digitaldruid

1 product

Hoteldruid

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Digitaldruid Hoteldruid	Up to 3.0.3

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (6)

https://github.com/dhammon/HotelDruid-CVE-2021-42948

Source: cve@mitre.org

Third Party Advisory

https://github.com/dhammon/Security

Source: cve@mitre.org

Broken Link

https://www.hoteldruid.com/

Source: cve@mitre.org

ProductVendor Advisory

https://github.com/dhammon/HotelDruid-CVE-2021-42948

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/dhammon/Security

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.hoteldruid.com/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.