CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-20124 – Online Hotel Booking System Pro Plugin roomtype-details.php sql injection
https://notcve.org/view.php?id=CVE-2017-20124
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.96624 https://www.exploit-db.com/exploits/41182 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15536 – Online Hotel Booking System Pro <= 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15536
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. Se detectó un problema en el plugin Bestsoftinc Hotel Booking System Pro versiones hasta 1.1 para WordPress. Un ataque de tipo XSS persistente puede producirse por medio de cualquiera de los campos de registro • https://packetstormsecurity.com/files/157116/WordPress-Hotel-Booking-System-Pro-1.1-Cross-Site-Scripting.html https://wpvulndb.com/vulnerabilities/10171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •