HotelDruid v3.0.3 Remote Code Execution (RCE) Vulnerability via Crafted Payload in Create New Room Module

HotelDruid v3.0.3 Remote Code Execution (RCE) Vulnerability via Crafted Payload in Create New Room Module

CVE-2022-22909 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.

Learn more about our Web Application Penetration Testing UK.