cbcvebase.
CVE-2019-9084
published 2019-06-07

CVE-2019-9084: In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of…

PriorityP423medium4.9CVSS 3.0
AVNACLPRHUINSUCNINAH
EPSS
1.74%
74.9th percentile
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).

Affected

4 ranges
VendorProductVersion rangeFixed in
debianhoteldruid< hoteldruid 2.3.2-1 (bookworm)hoteldruid 2.3.2-1 (bookworm)
digitaldruidhoteldruid< 2.3.12.3.1
digitaldruidhoteldruid>= 0 < 2.3.2-12.3.2-1
digitaldruidhoteldruid>= 0 < 2.3.2-12.3.2-1

CVSS provenance

nvdv3.04.9MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv4.9MEDIUM
vendor_debian4.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.