CVE Catalog

CVE-2026-13552

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Summary

A SQL injection vulnerability was found in the Online Hotel Management System 1.0 in the file /admin/mod_amenities/controller.php?action=edit. An attacker can remotely manipulate the amen_id argument, leading to SQL injection. The exploit is publicly available.

Risk Assessment

The risk includes unauthorized database access, data leakage, and potential system compromise.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, validate and sanitize all user inputs.

Original NVD description (English source)

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/mod_amenities/controller.php?action=edit. Performing a manipulation of the argument amen_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS