CVE-2026-13553
HighCVSS 7.3Summary
A flaw in Online Hotel Management System 1.0 in the file /admin/mod_amenities/controller.php?action=add allows unrestricted file upload via the image argument. This can lead to remote code execution. The exploit has been published and may be used.
Risk Assessment
An attacker can upload a malicious file (e.g., PHP script) to the server, potentially leading to full system compromise, data theft, or further attacks on the infrastructure.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, implement file type validation and upload size restrictions.
Original NVD description (English source)
A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/mod_amenities/controller.php?action=add. Executing a manipulation of the argument image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used.

