Victor Vrabie

**Name of the Vulnerable Software and Affected Versions** IRM Next Generation booking engine (affected versions not specified) **Description** The RDPCore.dll component in the IRM Next Generation booking engine allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the daily password and connect to application customers, giving them full, unrestricted access to the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IRM Next Generation booking engine (affected versions not specified) **Description** The RDPWin.dll component includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IRM Next Generation booking engine (affected versions not specified) **Description** The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens. However, these tokens are exposed in a JavaScript file loaded on the client side, rendering this extra safety mechanism useless. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The RDPData.dll file exposes the "/irmdata/api/common" endpoint that handles session IDs, among other features. By using a UNION SQL operator, an attacker can leak the sessions table, obtain the currently valid sessions and impersonate a currently logged-in user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IRM Next Generation booking system (affected versions not specified) **Description** A vulnerability in RDPngFileUpload.dll allows a remote attacker to upload arbitrary content, such as a web shell component, to the SQL database and execute it with SYSTEM privileges. This issue requires authentication to be exploited but can be combined with another vulnerability to bypass the need for assigned credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.