CVE-2022-22909

Severity: HIGH

HotelDruid 3.0.3 - Remote Code Execution via Create New Room Name Field

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-22909. PoCs have been published by 0z09e and kaal18.

AI-analyzed exploit summary: This exploit targets Hotel Druid 3.0.3, leveraging a command injection vulnerability in the room addition functionality to achieve remote code execution. It automates login, privilege checks, and payload delivery via the 'n_app' parameter.

Description

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability. It is exploited by an attacker inserting a crafted payload into the name field of the Create New Room module.

Exploits (3)

exploitdb · Working PoC
by 0z09e · python, webapps, php
https://www.exploit-db.com/exploits/50754

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Hotel Druid 3.0.3
Authentication: Auth required
Prerequisites: Valid credentials or unauthenticated dashboard access · User privilege to add rooms
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC · 5 stars
by 0z09e · poc
https://github.com/0z09e/CVE-2022-22909

This repository contains a functional exploit for CVE-2022-22909, a code injection vulnerability in Hotel Druid v3.0.3. The exploit leverages improper handling of room names in `/dati/selectappartamenti.php` to achieve remote code execution by injecting a PHP payload.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Hotel Druid v3.0.3
Authentication: Auth required
Prerequisites: Valid credentials to add a new room · Access to the `/dati/selectappartamenti.php` file
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Working PoC · 2 stars
by kaal18 · poc
https://github.com/kaal18/CVE-2022-22909

This repository contains two Python scripts demonstrating remote code execution (RCE) in Hotel Druid 3.0.3 via CVE-2022-22909. The exploit leverages PHP code injection in room names, which are stored in a PHP file and executed by the server.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Hotel Druid 3.0.3
Authentication: No auth needed
Prerequisites: Access to the Hotel Druid web interface · Ability to create or modify room names
Analyzed by devstral-2 on Feb 16, 2026

References (2)

Core References (2)
https://www.hoteldruid.com (Product, Vendor Advisory; x_refsource_misc)
https://github.com/0z09e/CVE-2022-22909 (Exploit, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3: 8.8
EPSS: 0.4543
EPSS Percentile: 98.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-94
Status: published
Products (1): digitaldruid/hoteldruid 3.0.3
Published: Mar 03, 2022
Tracked Since: Feb 18, 2026