Unknown · Rigatur Online Booking/Hotel Management System · CVE-2022-2673
**Name of the Vulnerable Software and Affected Versions**
Rigatur Online Booking and Hotel Management System version aff6409
**Description**
A critical issue was found in the file login.php of the component POST Request Handler, where the manipulation of the `email/pass` argument leads to sql injection. The attack can be launched remotely.
**Recommendations**
For version aff6409, consider restricting access to the login.php file until a patch is available. As a temporary workaround, avoid using the `email/pass` argument in the affected POST Request Handler to minimize the risk of exploitation.