Home > Vulnerability Database > CVE-2021-42948

Mend.io Vulnerability Database

CVE-2021-42948

Date: September 16, 2022

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.

Severity Score

3.7

Related Resources (6)

Url: https://github.com/dhammon/HotelDruid-CVE-2021-42948

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-42948

Url: https://github.com/dhammon/Security

Url: https://security-tracker.debian.org/tracker/CVE-2021-42948

Url: https://www.hoteldruid.com/

Url: https://www.mend.io/vulnerability-database/CVE-2021-42948

Severity Score

3.7

Weakness Type (CWE)

Cleartext Transmission of Sensitive Information

CWE-319

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-42948

Date: September 16, 2022

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?