CVE-2026-5551

Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0

Description A security flaw exists in itsourcecode Free Hotel Reservation System 1.0. The vulnerability is located in unknown code within the /hotel/admin/login.php file, specifically within the Parameter Handler component. Manipulation of the email argument can lead to SQL injection. The attack can be launched remotely, and an exploit has been publicly released.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /hotel/admin/login.php file.