CVE-2022-22909

HIGH

Digitaldruid Hoteldruid - Code Injection

Title source: rule

Description

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.

Exploits (3)

exploitdb WORKING POC

by 0z09e · pythonwebappsphp

https://www.exploit-db.com/exploits/50754

View Code ZIP pw:eip

nomisec WORKING POC 5 stars

by 0z09e · poc

https://github.com/0z09e/CVE-2022-22909

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by kaal18 · poc

https://github.com/kaal18/CVE-2022-22909

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/0z09e/CVE-2022-22909

[Product, Vendor Advisory] https://www.hoteldruid.com

Scores

CVSS v3 8.8

EPSS 0.3310

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

digitaldruid/hoteldruid 3.0.3

Published Mar 03, 2022

Tracked Since Feb 18, 2026