Jayesh

Hotel Management System

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-42767

Exploit
  • EPSS 0.13%
  • Veröffentlicht 22.08.2024 18:15:10
  • Zuletzt bearbeitet 30.04.2025 16:50:04

Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.

9.1

CVE-2024-42773

Exploit
  • EPSS 0.32%
  • Veröffentlicht 22.08.2024 18:15:10
  • Zuletzt bearbeitet 30.04.2025 16:51:03

An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.

7.5

CVE-2024-42772

Exploit
  • EPSS 0.34%
  • Veröffentlicht 22.08.2024 17:15:06
  • Zuletzt bearbeitet 30.04.2025 16:51:09

An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.

7.5

CVE-2024-42774

Exploit
  • EPSS 0.23%
  • Veröffentlicht 22.08.2024 17:15:06
  • Zuletzt bearbeitet 30.04.2025 16:50:53

An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.

9.1

CVE-2024-42775

Exploit
  • EPSS 0.32%
  • Veröffentlicht 22.08.2024 17:15:06
  • Zuletzt bearbeitet 30.04.2025 16:50:40

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct ...

7.2

CVE-2024-42776

Exploit
  • EPSS 0.1%
  • Veröffentlicht 22.08.2024 17:15:06
  • Zuletzt bearbeitet 30.04.2025 16:50:21

Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.

6.8

CVE-2024-42768

Exploit
  • EPSS 0.13%
  • Veröffentlicht 22.08.2024 17:15:05
  • Zuletzt bearbeitet 30.04.2025 16:51:43

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.

6.1

CVE-2024-42769

Exploit
  • EPSS 0.37%
  • Veröffentlicht 22.08.2024 16:15:09
  • Zuletzt bearbeitet 30.04.2025 16:51:35

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters.

4.7

CVE-2024-42770

Exploit
  • EPSS 0.38%
  • Veröffentlicht 22.08.2024 16:15:09
  • Zuletzt bearbeitet 30.04.2025 16:51:26

A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.

4.8

CVE-2024-42771

Exploit
  • EPSS 0.26%
  • Veröffentlicht 22.08.2024 16:15:09
  • Zuletzt bearbeitet 30.04.2025 16:51:18

A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.