CVE-2025-44203
Published Jun 20, 2025
Last updated a month ago
- Description: In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.
- Source: cve@mitre.org
- NVD status: Received
- Hype score: Not currently trending
CVE-2025-44203 In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malfo… https://t.co/Nm6pyHG9Df
@CVEnew
21 Jun 2025
CVE-2025-44203 SQL Injection in HotelDruid 3.0.7 Enabling Credential Disclosure and DoS https://t.co/eCEbXkxYZ5
@VulmonFeeds
20 Jun 2025