CVE-2024-42774

Name of the Vulnerable Software and Affected Versions Kashipara Hotel Management System version 1.0

Description An Incorrect Access Control issue was found in the /admin/delete room.php endpoint, allowing an unauthenticated attacker to delete valid hotel room entries in the administrator section.

Recommendations For Kashipara Hotel Management System version 1.0, consider restricting access to the /admin/delete room.php endpoint until a patch is available. As a temporary workaround, limit the functionality of the delete room feature to authenticated and authorized users only. At the moment, there is no information about a newer version that contains a fix for this issue.