CVE-2023-43373
Published 2023-09-20
CVE-2023-43373: Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
Priority P262 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.75% (88.5th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hoteldruid | < hoteldruid 3.0.6-1 (sid) | hoteldruid 3.0.6-1 (sid) |
| digitaldruid | hoteldruid | — | — |
Detection & IOCs
command: n_utente_agg=1' AND (SELECT 3869 FROM (SELECT(SLEEP(7)))qSXB)-- QMbZ
- Detect exploitation attempts by monitoring POST requests to /interconnessioni.php containing time-based blind SQLi payloads in the n_utente_agg parameter (e.g., SLEEP() calls). A server response time >= 7 seconds combined with HTTP 200 is a strong indicator of successful injection.
- The attack uses a multipart/form-data POST body with required fields: anno, id_sessione, modifica_interconnessione=SI, modifica_utente_agg=SI, and the injected n_utente_agg parameter. Alert on multipart POST requests to /interconnessioni.php where n_utente_agg contains SQL metacharacters or SLEEP/SELECT subqueries.
- Use FOFA/Shodan queries to identify exposed Hoteldruid instances as potential targets: FOFA title="hoteldruid", Shodan title:"hoteldruid".
- The vulnerability is present in Hoteldruid v3.0.5 specifically. Debian sid has resolved the issue in package version 3.0.6-1, but bookworm and bullseye remain open/unpatched as of the advisory.
- The Nuclei template uses a two-step flow: first confirming the target is a Hoteldruid instance (body contains 'hoteldruid'), then sending the SQLi payload. Detection logic should similarly confirm application identity before flagging.
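The detection notes above can be turned into a log classifier. The following is an added example, not code from this page or from the Hoteldruid project: it assumes a hypothetical proxy or WAF record (a dict with method, path, content_type, body, status and elapsed seconds), and the regex is one assumed reading of "SQL metacharacters or SLEEP/SELECT subqueries".

```python
import re
from email import message_from_bytes

# Pattern for the metacharacters/keywords the detection notes name (an assumption).
SQLI = re.compile(r"['\";]|--|/\*|\b(?:sleep|select)\b", re.I)
DELAY_SECONDS = 7  # response-time threshold quoted in the notes

def multipart_fields(content_type, body):
    """Parse a multipart/form-data body into {field name: text value}."""
    head = b"Content-Type: " + content_type.encode() + b"\r\n\r\n"
    msg = message_from_bytes(head + body)
    fields = {}
    if msg.is_multipart():
        for part in msg.get_payload():
            name = part.get_param("name", header="content-disposition")
            if name:
                raw = part.get_payload(decode=True) or b""
                fields[name] = raw.decode("utf-8", "replace")
    return fields

def classify(req):
    """Return None, 'attempt' or 'likely-success' for one logged request."""
    if req["method"] != "POST" or not req["path"].endswith("/interconnessioni.php"):
        return None
    if not req["content_type"].lower().startswith("multipart/form-data"):
        return None
    value = multipart_fields(req["content_type"], req["body"]).get("n_utente_agg", "")
    if not SQLI.search(value):
        return None
    delayed = req["status"] == 200 and req["elapsed"] >= DELAY_SECONDS
    return "likely-success" if delayed else "attempt"

def sample(value, status, elapsed):
    """Build a constructed log record carrying the form fields the notes list."""
    form = {"anno": "2023", "id_sessione": "constructed", "modifica_interconnessione": "SI",
            "modifica_utente_agg": "SI", "n_utente_agg": value}
    body = "".join(f'--b0\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
                   for k, v in form.items()) + "--b0--\r\n"
    return {"method": "POST", "path": "/hoteldruid/interconnessioni.php",
            "content_type": "multipart/form-data; boundary=b0",
            "body": body.encode(), "status": status, "elapsed": elapsed}

PAYLOAD = "1' AND (SELECT 3869 FROM (SELECT(SLEEP(7)))qSXB)-- QMbZ"  # string shown on this page
if __name__ == "__main__":
    for rec in (sample("3", 200, 0.2), sample(PAYLOAD, 200, 7.4), sample(PAYLOAD, 403, 0.1)):
        print(classify(rec))
```

A slow response alone is not flagged; the delay only raises the verdict once the n_utente_agg value has already matched, which keeps ordinary slow pages out of the alert stream.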
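CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |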
OSV
CVE-2023-43373: Hoteldruid v3
osv·2023-09-20·CVSS 9.8
CVE-2023-43373 [CRITICAL] CVE-2023-43373: Hoteldruid v3
GHSA
GHSA-jvpf-j398-wpc4: Hoteldruid v3
ghsa_unreviewed·2023-09-20
CVE-2023-43373 [CRITICAL] CWE-89 GHSA-jvpf-j398-wpc4: Hoteldruid v3
Debian
CVE-2023-43373: hoteldruid - Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via th...
vendor_debian·2023·CVSS 9.8
CVE-2023-43373 [CRITICAL] CVE-2023-43373: hoteldruid - Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via th...
Scope: local
bookworm: open
bullseye: open
sid: resolved (fixed in 3.0.6-1)
No detection rules found.
Nuclei
Hoteldruid v3.0.5 - SQL Injection
nuclei·CVSS 9.8
CVE-2023-43373 [CRITICAL] Hoteldruid v3.0.5 - SQL Injection
Template:
```yaml
id: CVE-2023-43373

info:
  name: Hoteldruid v3.0.5 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
  impact: |
    Allows attackers to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
  remediation: |
    Update Hoteldruid to a patched version or apply vendor-supplied fixes to mitigate the SQL Injection vulnerability.
  reference:
    - https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n
```
No writeups or analysis indexed.