EUVD-2026-14604
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Analysis
SQL injection in the Free Hotel Reservation System 1.0 admin panel allows unauthenticated remote attackers to manipulate the account_id parameter and execute arbitrary SQL queries with potential for data theft, modification, and system disruption. Public exploit code exists for this vulnerability, and no patch is currently available.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Immediately isolate affected systems from production networks and disable the /hotel/admin/mod_users/index.php endpoint if possible; notify incident response team and begin forensic assessment for signs of exploitation. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection payloads targeting the account_id parameter; implement database access controls and query monitoring; assess feasibility of upgrading or replacing the vulnerable application. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today