Vulnerability Description
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Digitaldruid | Hoteldruid | < 2.3.1 |
References
- http://www.hoteldruid.com/en/download.html (Release Notes, Vendor Advisory)
- https://metamorfosec.com/Files/Advisories/METS-2019-005-A_division_by_zero_in_Ho (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-9084?
CVE-2019-9084 is a vulnerability with a CVSS score of 4.9 (MEDIUM). In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /t...
How severe is CVE-2019-9084?
CVE-2019-9084 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-9084?
Check the references section above for vendor advisories and patch information. Affected products include: Digitaldruid Hoteldruid.