CVE Catalog

CVE-2026-14688

High · CVSS 7.3
Summary

A SQL injection vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/login.php. An attacker can remotely manipulate the email argument, leading to SQL injection. The exploit is publicly available.

Risk Assessment

The organization is at risk of unauthorized database access, potentially leading to leakage of guest data, reservations, and admin passwords.

Recommendation

Immediately update the system to the latest version or apply a patch fixing the SQL injection. In the meantime, restrict access to the admin panel.

Original NVD description (English source)

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS