Filtered by vendor Kashipara
Subscriptions
Filtered by product Hotel Management System
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42773 | 1 Kashipara | 1 Hotel Management System | 2024-11-06 | 9.1 Critical |
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section. | ||||
CVE-2024-42767 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.2 High |
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | ||||
CVE-2024-42769 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 6.1 Medium |
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. | ||||
CVE-2024-42771 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 4.8 Medium |
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. | ||||
CVE-2024-42772 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.5 High |
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | ||||
CVE-2024-42774 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.5 High |
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | ||||
CVE-2024-42775 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 9.1 Critical |
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | ||||
CVE-2024-42776 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.2 High |
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. |
Page 1 of 1.