CVE-2026-4612 | itsourcecode Free Hotel Reservation System 1.0 Parameter index.php?view=edit&id=8 account_id sql injection

Inserito da Angelo Barbosa | Mar 23, 2026 | CVE

A vulnerability marked as critical has been reported in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection.

This vulnerability is referenced as CVE-2026-4612. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

CVE-2026-4612 | itsourcecode Free Hotel Reservation System 1.0 Parameter index.php?view=edit&id=8 account_id sql injection

Post correlati

CVE-2024-28576 | FreeImage 3.19.0 r1909 J2K Image opj_j2k_tcp_destroy buffer overflow

CVE-2025-15496 | guchengwuyue yshopmall up to 1.9.1 /api/jobs getPage sort sql injection

CVE-2024-27961 | Codekraft AntiSpam for Contact Form 7 Plugin up to 0.6.0 on WordPress cross site scripting

CVE-2024-47320 | WS Form LITE Plugin up to 1.9.238 on WordPress cross site scripting