Hotels Server Project: >> Hotels Server >> 2018-11-05 Security Vulnerabilities
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-02-17
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-02-08
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-01-20