PT-2025-26447 · Unknown · Sourcecodester Online Hotel Reservation System
Rom4J · Published: 2025-06-20 · Updated: 2025-11-13
CVE-2025-6355
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SourceCodester Online Hotel Reservation System version 1.0
Description:
A critical issue has been found in the /admin/execeditroom.php file, where manipulation of the userid argument leads to SQL injection. The issue can be initiated remotely.
Recommendations:
For SourceCodester Online Hotel Reservation System version 1.0, consider restricting access to the /admin/execeditroom.php file and avoid using the userid argument until a fix is available. As a temporary workaround, restrict manipulation of the userid argument to minimize the risk of SQL injection exploitation.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Sourcecodester Online Hotel Reservation System