CVE-2026-13552
HighCVSS 7.3Summary
A SQL injection vulnerability was found in the Online Hotel Management System 1.0 in the file /admin/mod_amenities/controller.php?action=edit. An attacker can remotely manipulate the amen_id argument, leading to SQL injection. The exploit is publicly available.
Risk Assessment
The risk includes unauthorized database access, data leakage, and potential system compromise.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, validate and sanitize all user inputs.
Original NVD description (English source)
A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/mod_amenities/controller.php?action=edit. Performing a manipulation of the argument amen_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

