Hotels Server Project: >> Hotels Server >> 1.0 Security Vulnerabilities
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-17
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
CVSS Score
6.1
EPSS Score
0.004
Published
2021-05-10
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-02-17
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-02-08
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-01-20