CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42767
https://notcve.org/view.php?id=CVE-2024-42767
22 Aug 2024 — Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. • https://cwe.mitre.org/data/definitions/434.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42768
https://notcve.org/view.php?id=CVE-2024-42768
22 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. • https://cwe.mitre.org/data/definitions/352.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42769
https://notcve.org/view.php?id=CVE-2024-42769
22 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Reflected%20XSS%20-%20Sign%20UP.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42770
https://notcve.org/view.php?id=CVE-2024-42770
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Sign%20UP.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42771
https://notcve.org/view.php?id=CVE-2024-42771
22 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Edit%20Room.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42772
https://notcve.org/view.php?id=CVE-2024-42772
22 Aug 2024 — An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20Room%20Entry.pdf • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42774
https://notcve.org/view.php?id=CVE-2024-42774
22 Aug 2024 — An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Room%20Entry.pdf • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42775
https://notcve.org/view.php?id=CVE-2024-42775
22 Aug 2024 — An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Add%20New%20Room%20Entry.pdf • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42776
https://notcve.org/view.php?id=CVE-2024-42776
22 Aug 2024 — Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20User%20Data.pdf • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49272 – Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-49272
20 Dec 2023 — Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. Hotel Management v1.0 es afectado por múltiples vulnerabilidades de cross site scripting reflejadas y autenticadas. El parámetro 'children' del recurso reservation.php se copia en el documento HTML como texto plano entre e... • https://fluidattacks.com/advisories/lang • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •