CVE-2019-9084

low-risk
Published 2019-06-07

In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).

Do I need to act?

-
0.73% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Digitaldruid

References (4)

Release Notes http://www.hoteldruid.com/en/download.html
Exploit https://metamorfosec.com/Files/Advisories/METS-2019-005-A_division_by_zero_in_Ho...
Release Notes http://www.hoteldruid.com/en/download.html
Exploit https://metamorfosec.com/Files/Advisories/METS-2019-005-A_division_by_zero_in_Ho...
27
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal