Skip to main content

Hotel Management System CVE-2024-12186

MEDIUM
Buffer Overflow (CWE-119)
2024-12-05 cna@vuldb.com
4.8
CVSS 4.0 · Vendor: vuldb
Share

Severity by source

Vendor (vuldb) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (vuldb) · only source for this CVE.

CVSS VectorVendor: vuldb

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
Dec 05, 2024 - 00:15 cve.org
MEDIUM 4.8

DescriptionCVE.org

A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic.c of the component Available Room Handler. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Affected products include: Code-Projects Hotel Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2024-42558 CRITICAL POC
9.8 Aug 20

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter

CVE-2024-42556 CRITICAL POC
9.8 Aug 20

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type paramet

CVE-2024-25316 CRITICAL POC
9.8 Feb 09

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?

CVE-2024-25315 CRITICAL POC
9.8 Feb 09

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2

CVE-2024-25314 CRITICAL POC
9.8 Feb 09

Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. Ra

CVE-2024-42773 CRITICAL POC
9.1 Aug 22

An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management Sys

CVE-2024-42775 CRITICAL POC
9.1 Aug 22

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management Syst

CVE-2024-42557 HIGH POC
8.8 Aug 20

A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 all

CVE-2024-42555 HIGH POC
8.8 Aug 20

A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 al

CVE-2024-42554 HIGH POC
8.8 Aug 20

Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type paramet

CVE-2024-42553 HIGH POC
8.8 Aug 20

A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allo

CVE-2024-25318 HIGH POC
8.8 Feb 09

Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. Ra

Share

CVE-2024-12186 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy