Digitaldruid Hoteldruid

30 CVEs affecting Digitaldruid Hoteldruid. Latest disclosed: 2025-12-11. Critical: 9, High: 6.

Top CVEs affecting Digitaldruid Hoteldruid
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-43375 | Critical | 9.8 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita… |
| CVE-2023-43374 | Critical | 9.8 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. |
| CVE-2023-43373 | Critical | 9.8 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. |
| CVE-2023-43371 | Critical | 9.8 | 2023-09-20 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. |
| CVE-2021-42949 | Critical | 9.8 | 2022-09-16 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authe… |
| CVE-2021-37832 | Critical | 9.8 | 2021-08-03 | A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL… |
| CVE-2019-9087 | Critical | 9.8 | 2019-06-07 | HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter. |
| CVE-2019-9086 | Critical | 9.8 | 2019-06-07 | HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter. |
| CVE-2018-1000871 | Critical | 9.8 | 2018-12-20 | HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can… |
| CVE-2023-33817 | High | 8.8 | 2023-06-13 | hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. |
| CVE-2022-22909 | High | 8.8 | 2022-03-03 | HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the… |
| CVE-2025-44203 | High | 7.5 | 2025-06-20 | In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sendin… |
| CVE-2024-23091 | High | 7.5 | 2024-07-30 | Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. |
| CVE-2025-25748 | High | 7.3 | 2025-03-11 | A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords)… |
| CVE-2025-25749 | High | 7.1 | 2025-03-11 | An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies. |
| CVE-2019-9085 | Medium | 6.5 | 2019-06-24 | Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contra… |
| CVE-2025-55816 | Medium | 6.1 | 2025-12-11 | HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file. |
| CVE-2023-43378 | Medium | 6.1 | 2025-04-22 | A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into t… |
| CVE-2023-47164 | Medium | 6.1 | 2023-11-10 | Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser o… |
| CVE-2022-26564 | Medium | 6.1 | 2022-04-26 | HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. |