CVE-2024-42775

An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Add%20New%20Room%20Entry.pdf	Exploit Third Party Advisory
https://www.kashipara.com/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:jayesh:hotel_management_system:1.0:*:*:*:*:*:*:*

History

30 Apr 2025, 16:50

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jayesh:hotel_management_system:1.0:::::::*
First Time		Jayesh hotel Management System Jayesh
CWE		NVD-CWE-noinfo
References	~~() https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Add%20New%20Room%20Entry.pdf -~~	() https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Add%20New%20Room%20Entry.pdf - Exploit, Third Party Advisory
References	~~() https://www.kashipara.com/ -~~	() https://www.kashipara.com/ - Product

Information

Published : 2024-08-22 17:15

Updated : 2025-04-30 16:50

NVD link : CVE-2024-42775

Mitre link : CVE-2024-42775

CVE.ORG link : CVE-2024-42775

JSON object : View

Products Affected

jayesh

hotel_management_system

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

9.1 /10