Jayesh: Security Vulnerabilities
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-08-22
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit valid hotel room entries in the administrator section.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-08-22
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in the administrator section.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-08-22
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-08-22
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add valid hotel room entries in the administrator section via direct URL access.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-08-22
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-08-22
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-08-22
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_fname" and "user_lname" parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-22
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.
CVSS Score
4.7
EPSS Score
0.002
Published
2024-08-22
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "room_name" parameter.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-08-22

