PT-2026-25704 · Itsourcecode · Free Hotel Reservation System

Yu_Ji

Publicado

2026-03-16

Atualizado

2026-03-16

CVE-2026-4237

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0

Description A flaw exists in itsourcecode Free Hotel Reservation System version 1.0, specifically within the file /hotel/admin/mod reports/index.php. A manipulation of the Home argument can lead to SQL injection. This attack can be performed remotely. The exploit has been published.

Recommendations Apply any available updates or patches for itsourcecode Free Hotel Reservation System version 1.0. As a temporary workaround, restrict access to the /hotel/admin/mod reports/index.php file. Sanitize the Home argument to prevent SQL injection attacks.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-4237

Produtos afetados

Free Hotel Reservation System

PT-2026-25704 · Itsourcecode · Free Hotel Reservation System

CVE-2026-4237

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7