Hotel Management System

hotel_management_system

Vendor: Jayesh • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-42773 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the admin...Show more An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.Show less
CVE-2024-42767 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.
CVE-2024-42776 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.
CVE-2024-42775 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the adminis...Show more An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.Show less
CVE-2024-42774 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator se...Show more An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.Show less
CVE-2024-42772 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.
CVE-2024-42768 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.
CVE-2024-42771 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" par...Show more A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.Show less
CVE-2024-42770 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.
CVE-2024-42769 1Jayesh 1Hotel Management System Apr 30, 2025 Aug 22, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lna...Show more A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters.Show less
CVE-2023-49272 1Jayesh 1Hotel Management System Dec 5, 2025 Dec 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text betwee...Show more Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less
CVE-2023-49271 1Jayesh 1Hotel Management System Jan 6, 2026 Dec 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text...Show more Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less
CVE-2023-49270 1Jayesh 1Hotel Management System Jan 6, 2026 Dec 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text b...Show more Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less
CVE-2023-49269 1Jayesh 1Hotel Management System Jan 6, 2026 Dec 20, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between...Show more Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Show less