CVE-2024-23091

HIGH

HotelDruid <1.32 - Info Disclosure

Title source: llm

Description

Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values.

References (2)

Scores

CVSS v3 7.5
EPSS 0.0018
EPSS Percentile 38.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-916
Status published

Affected Products (1)

digitaldruid/hoteldruid < 1.3.2

Timeline

Published Jul 30, 2024
Tracked Since Feb 18, 2026