CVE-2026-14688
High
CVSS 7.3
Summary
A SQL injection vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/login.php. An attacker can remotely manipulate the email argument, leading to SQL injection. The exploit is publicly available.
Risk Assessment
The organization is at risk of unauthorized database access, potentially leading to leakage of guest data, reservations, and admin passwords.
Recommendation
Immediately update the system to the latest version or apply a patch fixing the SQL injection. In the meantime, restrict access to the admin panel.
Original NVD description (English source)
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

