PT-2023-28812 · Unknown+1 · Hoteldruid+1

Published 2023-09-20 · Updated 2024-09-25 · CVE-2023-43375

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Hoteldruid version 3.0.5

Description

The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are located at the /hoteldruid/clienti.php endpoint via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.

Recommendations

For Hoteldruid version 3.0.5, consider disabling access to the /hoteldruid/clienti.php endpoint until a patch is available. Restrict the use of the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-43375

Affected Products

Debian
Hoteldruid