Filtered by vendor Hotel Management System Project Subscriptions
Filtered by product Hotel Management System Subscriptions
Total 14 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-25318 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 8.8 High
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.
CVE-2024-25316 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 9.8 Critical
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.
CVE-2024-25315 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 9.8 Critical
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.
CVE-2024-25314 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 9.8 Critical
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
CVE-2022-48091 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 5.4 Medium
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.
CVE-2022-48090 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 6.5 Medium
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php.
CVE-2022-36254 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 5.4 Medium
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".
CVE-2022-2292 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 3.5 Low
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-2291 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 4.3 Medium
A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-28110 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 9.8 Critical
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.
CVE-2022-27475 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 6.1 Medium
Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded.
CVE-2021-41651 1 Hotel Management System Project 1 Hotel Management System 2024-11-21 7.5 High
A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php.
CVE-2024-42559 1 Hotel Management System Project 1 Hotel Management System 2024-08-20 9.8 Critical
An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.
CVE-2024-42554 1 Hotel Management System Project 1 Hotel Management System 2024-08-20 8.8 High
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.