CVE-2024-42775
CRITICAL
Kashipara Hotel Management System <1.0 - Info Disclosure
Title source: llm
Description
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add valid hotel room entries in the administrator section via direct URL access.
References (2)
Core References
Exploit, Third Party Advisory
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Add%20New%20Room%20Entry.pdf
Product
https://www.kashipara.com/
Scores
CVSS v3
9.1
EPSS
0.0048
EPSS Percentile
38.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (1)
jayesh/hotel_management_system
1.0
Published
Aug 22, 2024
Tracked Since
Feb 18, 2026