Unknown · Hoteldruid · CVE-2025-44203
Name of the Vulnerable Software and Affected Versions:
HotelDruid version 3.0.7
Description:
HotelDruid 3.0.7 returns verbose SQL error messages from the "creadb.php" endpoint before the "create database" button is pressed. An unauthenticated attacker who sends malformed POST requests to this endpoint may obtain the administrator `username`, `password` hash, and `salt` from those messages. In some cases the requests also result in a Denial of Service (DoS): the administrator can no longer log in, even with the correct credentials.
Recommendations:
For HotelDruid version 3.0.7, as a temporary workaround, consider disabling the "creadb.php" endpoint until a patch is available. If it cannot be disabled, restrict access to this endpoint to minimize the risk of exploitation. Avoid relying on the `username`, `password`, and `salt` variables in the affected endpoint until the issue is resolved. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
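A defender-side check for the endpoint this advisory covers, added here as an example and not part of the advisory or of HotelDruid: it scans web-server access logs for POST requests to creadb.php (which a deployed site should not receive after installation) and flags clients that send them in bursts, matching the DoS variant described above. The combined log format, the sample lines and the burst threshold are assumptions.

```python
"""Flag POST requests to HotelDruid's creadb.php in access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format; assumption: the server uses it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample: one client hammers creadb.php with POSTs, the other only GETs it.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2025:10:01:02 +0000] "GET /hoteldruid/inizio.php HTTP/1.1" 200 5120
198.51.100.9 - - [10/May/2025:10:02:10 +0000] "POST /hoteldruid/creadb.php HTTP/1.1" 200 812
198.51.100.9 - - [10/May/2025:10:02:11 +0000] "POST /hoteldruid/creadb.php HTTP/1.1" 200 812
198.51.100.9 - - [10/May/2025:10:02:12 +0000] "POST /hoteldruid/creadb.php HTTP/1.1" 500 300
203.0.113.7 - - [10/May/2025:10:05:00 +0000] "GET /hoteldruid/creadb.php HTTP/1.1" 200 2048
"""


def find_creadb_posts(log_text, burst_threshold=3, window_seconds=60):
    """Return (events, bursty_ips).

    events:     (ip, timestamp, status) for every POST to creadb.php.
    bursty_ips: clients that sent >= burst_threshold such POSTs within
                window_seconds, i.e. the pattern to alert on as a DoS attempt.
    """
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?")[0].endswith("/creadb.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append((m["ip"], ts, int(m["status"])))

    by_ip = defaultdict(list)
    for ip, ts, _ in events:
        by_ip[ip].append(ts)

    bursty = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        for i in range(len(stamps) - burst_threshold + 1):
            span = (stamps[i + burst_threshold - 1] - stamps[i]).total_seconds()
            if span <= window_seconds:
                bursty.add(ip)
                break
    return events, bursty
```

Feed it a real access log to review historical traffic to creadb.php; any POST after installation deserves a look regardless of the burst flag.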