Bitdefender has identified five vulnerabilities in the IRM Next Generation online booking system that have been exploited in the wild since 2021 to drop malware IRM servers

All five remain unpatched as the vendor has not responded to any private disclosure efforts

https://www.bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained/