PT-2022-15729 · Unknown+1 · Hoteldruid+1
0Z09E
·
Published
2022-03-02
·
Updated
2022-03-09
·
CVE-2022-22909
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
HotelDruid version 3.0.3
Description
A remote code execution issue was discovered, allowing an attacker to execute code by inserting a crafted payload into the
name field under the Create New Room module.Recommendations
For HotelDruid version 3.0.3, consider restricting access to the Create New Room module until a patch is available. As a temporary workaround, validate and sanitize user input for the
name field to prevent malicious payloads. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Hoteldruid