digitaldruid hoteldruid

30 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-55816
<= 3.0.7
HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
6.1 MEDIUM
CVE-2025-44203
all versions
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database'
7.5 HIGH
CVE-2023-43378
all versions
A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a cr
6.1 MEDIUM
CVE-2025-25749
<= 3.0.7
An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password str
7.1 HIGH
CVE-2025-25748
all versions
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g
7.3 HIGH
CVE-2025-25747
all versions
Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sens
5.4 MEDIUM
CVE-2024-23091
< 1.3.2
Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from ha
7.5 HIGH
CVE-2023-47164
<= 3.0.5
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrar
6.1 MEDIUM
CVE-2023-43377
all versions
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execut
5.4 MEDIUM
CVE-2023-43376
all versions
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary w
5.4 MEDIUM
CVE-2023-43375
all versions
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita,
9.8 CRITICAL
CVE-2023-43374
all versions
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personali
9.8 CRITICAL
CVE-2023-43373
all versions
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconne
9.8 CRITICAL
CVE-2023-43371
all versions
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.p
9.8 CRITICAL
CVE-2023-34537
all versions
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's par
5.4 MEDIUM
CVE-2023-33817
all versions
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
8.8 HIGH
CVE-2023-29839
all versions
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary ex
5.4 MEDIUM
CVE-2021-42948
<= 3.0.3
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET para
3.7 LOW
CVE-2021-42949
all versions
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allow
9.8 CRITICAL
CVE-2022-26564
all versions
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter i
6.1 MEDIUM
CVE-2022-22909
all versions
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserti
8.8 HIGH
CVE-2021-38559
all versions
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
6.1 MEDIUM
CVE-2021-37833
all versions
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that
6.1 MEDIUM
CVE-2021-37832
all versions
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A mali
9.8 CRITICAL
CVE-2019-9085
< 2.3.1
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file p
6.5 MEDIUM
CVE-2019-9087
< 2.3.1
HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.
9.8 CRITICAL
CVE-2019-9086
< 2.3.1
HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.
9.8 CRITICAL
CVE-2019-9084
< 2.3.1
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) d
4.9 MEDIUM
CVE-2019-8937
all versions
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, p
6.1 MEDIUM
CVE-2018-1000871
<= 2.3.0
HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gesti
9.8 CRITICAL
threatengine.sh