Hotel And Lodge Management System
CVE-2019-18387
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
AnalysisAI
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. Affected products include: Hotel And Lodge Management System Project Hotel And Lodge Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function
A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the f
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function o
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an
Unrestricted file upload vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remo
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute a
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat
SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today