PT-2026-25704 · Itsourcecode · Free Hotel Reservation System
Yu_Ji
·
Published
2026-03-16
·
Updated
2026-03-16
·
CVE-2026-4237
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
itsourcecode Free Hotel Reservation System version 1.0
Description
A flaw exists in itsourcecode Free Hotel Reservation System version 1.0, specifically within the file
/hotel/admin/mod reports/index.php. A manipulation of the Home argument can lead to SQL injection. This attack can be performed remotely. The exploit has been published.Recommendations
Apply any available updates or patches for itsourcecode Free Hotel Reservation System version 1.0.
As a temporary workaround, restrict access to the
/hotel/admin/mod reports/index.php file.
Sanitize the Home argument to prevent SQL injection attacks.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Free Hotel Reservation System