Aggregates CVE and security vulnerability intelligence across all hotel_management_system_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-25318 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. | [email protected] | 8.8 | 0.16% | 2024-02-09 | 2025-06-16 |
| CVE-2024-25316 | Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2. | [email protected] | 9.8 | 0.16% | 2024-02-09 | 2024-11-21 |
| CVE-2024-25315 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | [email protected] | 9.8 | 0.16% | 2024-02-09 | 2025-05-15 |
| CVE-2024-25314 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | [email protected] | 9.8 | 0.16% | 2024-02-09 | 2025-05-15 |
| CVE-2022-48091 | Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php. | [email protected] | 5.4 | 0.30% | 2023-01-13 | 2025-04-07 |
| CVE-2022-48090 | Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php. | [email protected] | 6.5 | 0.23% | 2023-01-13 | 2025-04-07 |
| CVE-2022-36254 | Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". | [email protected] | 5.4 | 0.18% | 2022-09-12 | 2024-11-21 |
| CVE-2022-2292 | A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 3.5 | 0.19% | 2022-07-12 | 2024-11-21 |
| CVE-2022-2291 | A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 4.3 | 0.23% | 2022-07-12 | 2024-11-21 |
| CVE-2022-28110 | Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | [email protected] | 9.8 | 0.29% | 2022-05-10 | 2024-11-21 |
| CVE-2022-27475 | Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system, allows attackers to execute arbitrary code when when /admin.php is loaded. | [email protected] | 6.1 | 0.38% | 2022-04-13 | 2024-11-21 |
| CVE-2021-41651 | A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the vulnerable cid parameter in process_update_profile.php. | [email protected] | 7.5 | 6.32% | 2021-10-04 | 2024-11-21 |