Skip to main content

Hotel And Lodge Management System CVE-2019-18387

CRITICAL
SQL Injection (CWE-89)
2019-10-23 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 23, 2019 - 23:15 nvd
CRITICAL 9.8

DescriptionNVD

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

AnalysisAI

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. Affected products include: Hotel And Lodge Management System Project Hotel And Lodge Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2025-11473 MEDIUM POC
5.5 Oct 08

A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function

CVE-2025-11472 MEDIUM POC
5.5 Oct 08

A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the f

CVE-2025-11471 MEDIUM POC
5.5 Oct 08

A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function o

CVE-2025-11397 MEDIUM POC
5.5 Oct 07

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an

CVE-2025-11398 LOW POC
2.1 Oct 07

Unrestricted file upload vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remo

CVE-2025-11474 LOW POC
2.1 Oct 08

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat

CVE-2025-11469 LOW POC
2.1 Oct 08

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat

CVE-2025-11405 LOW POC
2.1 Oct 07

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute a

CVE-2025-11404 LOW POC
2.1 Oct 07

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat

CVE-2025-11403 LOW POC
2.1 Oct 07

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat

CVE-2025-11402 LOW POC
2.1 Oct 07

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat

CVE-2025-11401 LOW POC
2.1 Oct 07

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulat

Share

CVE-2019-18387 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy