Hoteldruid
Monthly
CVE-2025-44203 is a critical information disclosure vulnerability in HotelDruid 3.0.7 that allows unauthenticated attackers to extract sensitive database credentials (administrator username, password hash, and salt) through verbose SQL error messages on the creadb.php endpoint. The vulnerability can also cause denial of service conditions that lock administrators out of the system. With a CVSS score of 7.5 and no authentication required, this poses an immediate threat to unpatched HotelDruid installations.