Hotel Management System
CVE-2022-28110
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.
AnalysisAI
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. Affected products include: Hotel Management System Project Hotel Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Hotel Management System
View allHotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type paramet
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. Ra
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management Sys
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management Syst
A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 all
A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 al
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type paramet
A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allo
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. Ra
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today