Filtered by vendor Kashipara Subscriptions
Filtered by product Hotel Management System Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-42773 1 Kashipara 1 Hotel Management System 2024-11-06 9.1 Critical
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator section.
CVE-2024-42772 1 Kashipara 1 Hotel Management System 2024-08-23 7.5 High
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section.
CVE-2024-42767 1 Kashipara 1 Hotel Management System 2024-08-23 7.2 High
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.
CVE-2024-42769 1 Kashipara 1 Hotel Management System 2024-08-23 6.1 Medium
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php " of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname" parameters.
CVE-2024-42775 1 Kashipara 1 Hotel Management System 2024-08-23 9.1 Critical
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.
CVE-2024-42776 1 Kashipara 1 Hotel Management System 2024-08-23 7.2 High
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.
CVE-2024-42771 1 Kashipara 1 Hotel Management System 2024-08-23 4.8 Medium
A Stored Cross Site Scripting (XSS) vulnerability was found in " /admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "room_name" parameter.
CVE-2024-42774 1 Kashipara 1 Hotel Management System 2024-08-23 7.5 High
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.