CVE-2026-3730
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
Analysis
SQL injection in Free Hotel Reservation System 1.0 allows remote attackers to manipulate the amen_id and rmtype_id parameters in the amenities management interface, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running Free Hotel Reservation System 1.0 and restrict network access to the /hotel/admin/ path to authorized personnel only; document current amenities configurations as backup. Within 7 days: Implement WAF rules to block suspicious POST/GET requests to index.php?view=edit and enable detailed logging of all admin access; assess whether the system is customer-facing or internal. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today