FantasticLBP/Hotels_Server

FantasticLBP/Hotels_Server

Releases0

Stars346

酒店预订系统后台管理系统

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-33948 ↗	Feb 17, 2023Friday, 17 February 2023, 18:15	9.8 CRITICAL	—
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.
CVE-2020-18102 ↗	May 10, 2021Monday, 10 May 2021, 20:15	6.1 MEDIUM	4.3 MEDIUM
Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".
CVE-2019-8393 ↗	Feb 17, 2019Sunday, 17 February 2019, 15:29	—	7.5 HIGH
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.
CVE-2019-7648 ↗	Feb 8, 2019Friday, 8 February 2019, 17:29	—	5 MEDIUM
controller/fetchpwd.php and controller/doAction.php in Hotels_Server through 2018-11-05 rely on base64 in an attempt to protect password storage.
CVE-2019-6497 ↗	Jan 20, 2019Sunday, 20 January 2019, 20:29	—	7.5 HIGH
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.