CVE-2026-6142 | tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 /admin/roomdelete.php ID sql injection (Issue 15)

A vulnerability was found in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection.

This vulnerability is referenced as CVE-2026-6142. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-6142 | tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 /admin/roomdelete.php ID sql injection (Issue 15)

Post correlati

CVE-2025-47736 | gwenn libsql-sqlite3-parser up to 0.13.0 UTF-8 dialect/mod.rs syntactically invalid structure (Issue 86)

CVE-2025-22641 | Prem Tiwari FM Notification Bar Plugin up to 1.0.2 on WordPress cross site scripting

CVE-2025-24892 | opf openproject up to 15.2.0 Group Management Section cross site scripting

CVE-2024-38525 | DataDog dd-trace-cpp up to 0.2.1 denial of service (GHSA-rf3p-mg22-qv6w)