CVE-2020-21012

Name of the Vulnerable Software and Affected Versions: Sourcecodester Hotel and Lodge Management System version 2.0

Description: The issue allows remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. This is due to an unauthenticated SQL injection vulnerability.

Recommendations: For Sourcecodester Hotel and Lodge Management System version 2.0, as a temporary workaround, consider restricting access to the edit pages for Customer, Room, Currency, Room Booking Details, or Tax Details until a patch is available. Avoid using the email parameter in these edit pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.