CVE Catalog

CVE-2026-13555

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Summary

A SQL injection vulnerability was found in Online Hotel Management System 1.0 in the file /admin/mod_users/controller.php?action=add. Manipulation of the Name argument allows remote SQL injection. The exploit has been made public, increasing attack risk.

Risk Assessment

An attacker can remotely extract, modify, or delete database data, including user and booking information, leading to confidentiality and integrity breaches.

Recommendation

Immediately implement parameterized SQL queries or input validation for the Name argument. Update the system to the latest version or apply temporary patches.

Original NVD description (English source)

A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/mod_users/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS