CVE-2019-9084

Name of the Vulnerable Software and Affected Versions Hoteldruid versions prior to 2.3.1

Description A division by zero issue was found due to the mishandling of non-numeric values in the numtariffa1 parameter of the tab tariffe.php file. This could allow an administrator to conduct a remote denial of service, disrupting certain business functions of the product, as demonstrated by the "/tab tariffe.php?anno=[YEAR]&numtariffa1=1a" URI.

Recommendations For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the tab tariffe.php file to minimize the risk of exploitation. Avoid using non-numeric values for the numtariffa1 parameter in the affected API endpoint until the issue is resolved.