Hotels Server Project
hotels_server_project
5 CVEs • 1 product
Products (1)
Click to collapseToggle
Products (1)
Click to collapse
CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Hotels Server Project 1Hotels Server Mar 18, 2025 Feb 17, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. |
1Hotels Server Project 1Hotels Server Nov 21, 2024 May 10, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php". |
1Hotels Server Project 1Hotels Server Jun 17, 2026 Feb 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled. |
1Hotels Server Project 1Hotels Server Jun 17, 2026 Feb 8, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage. |
1Hotels Server Project 1Hotels Server Jun 17, 2026 Jan 20, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter. |