CVE-2024-42775

Published: Aug 22, 2024Modified: Apr 30, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.

Affected (1)

Products: Jayesh: Hotel Management System

1 product

Hotel Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jayesh Hotel Management System	Version 1.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Add%20New%20Room%20Entry.pdf

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.kashipara.com/

Source: cve@mitre.org

Product

Timeline

No history available yet.