This page lists publicly disclosed CVE vulnerabilities affecting jayesh hotel_management_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-42773 | An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit valid hotel room entries in the administrator section. | [email protected] | 9.1 | 0.32% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42767 | Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | [email protected] | 7.2 | 0.09% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42776 | Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | [email protected] | 7.2 | 0.08% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42775 | An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add valid hotel room entries in the administrator section via direct URL access. | [email protected] | 9.1 | 0.32% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42774 | An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | [email protected] | 7.5 | 0.23% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42772 | An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in the administrator section. | [email protected] | 7.5 | 0.34% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42768 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. | [email protected] | 6.8 | 0.13% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42771 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "room_name" parameter. | [email protected] | 4.8 | 0.26% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42770 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. | [email protected] | 4.7 | 0.38% | 2024-08-22 | 2025-04-30 |
| CVE-2024-42769 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_fname" and "user_lname" parameters. | [email protected] | 6.1 | 0.37% | 2024-08-22 | 2025-04-30 |
| CVE-2023-49272 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.07% | 2023-12-20 | 2025-12-05 |
| CVE-2023-49271 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.20% | 2023-12-20 | 2026-01-06 |
| CVE-2023-49270 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.20% | 2023-12-20 | 2026-01-06 |
| CVE-2023-49269 | Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. | [email protected] | 5.4 | 0.08% | 2023-12-20 | 2026-01-06 |