CVE-2019-9085
Published 2019-06-24
Priority: P4 · 30 · medium · 6.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.97% (77.9th percentile)
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hoteldruid | < hoteldruid 2.3.2-1 (bookworm) | hoteldruid 2.3.2-1 (bookworm) |
| digitaldruid | hoteldruid | < 2.3.1 | 2.3.1 |
| digitaldruid | hoteldruid | >= 0 < 2.3.2-1 | 2.3.2-1 |
| digitaldruid | hoteldruid | >= 0 < 2.3.2-1 | 2.3.2-1 |
CVSS provenance
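| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |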
Debian
CVE-2019-9085: hoteldruid - Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of ...
vendor_debian·2019·CVSS 6.5
CVE-2019-9085 [MEDIUM] CVE-2019-9085: hoteldruid - Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of ...
Scope: local
bookworm: resolved (fixed in 2.3.2-1)
bullseye: resolved (fixed in 2.3.2-1)
sid: resolved (fixed in 2.3.2-1)
GHSA
GHSA-r277-6cx2-9m3r: Hoteldruid before v2
ghsa_unreviewed·2022-05-24
CVE-2019-9085 [MEDIUM] CWE-20 GHSA-r277-6cx2-9m3r: Hoteldruid before v2
OSV
CVE-2019-9085: Hoteldruid before v2
osv·2019-06-24·CVSS 6.5
CVE-2019-9085 [MEDIUM] CVE-2019-9085: Hoteldruid before v2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.hoteldruid.com/en/download.html
https://metamorfosec.com/Files/Advisories/METS-2019-006-An_Invalid_Arguments_in_Hoteldruid_before_v2.3.1.txt
Published: 2019-06-24