
Hotel And Lodge Management System

15 CVEs product

Monthly

CVE-2025-11474 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /edit_booking.php, resulting in limited confidentiality and integrity impact. The vulnerability has public exploit code available but carries exceptionally low EPSS exploitation probability (0.03%, 8th percentile), suggesting minimal real-world threat despite network accessibility and low attack complexity.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11473 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /edit_curr.php. Manipulation of the argument currsymbol leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 5.5 | EPSS: 0.0%
CVE-2025-11472 MEDIUM POC This Month

A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /edit_room.php. Manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be used.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 5.5 | EPSS: 0.0%
CVE-2025-11471 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /edit_customer.php. Manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 5.5 | EPSS: 0.0%
CVE-2025-11470 LOW POC Monitor

Unrestricted file upload in SourceCodester Hotel and Lodge Management System version 1.0 allows high-privileged authenticated attackers to upload arbitrary files via the website_image or back_login_image parameters in /manage_website.php, potentially enabling remote code execution. Publicly available exploit code exists, though the low CVSS score of 2.0 reflects the requirement for high-level administrative privileges to trigger the vulnerability.

PHP Authentication Bypass File Upload Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.0 | EPSS: 0.1%
CVE-2025-11469 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the Contact parameter in /pages/save_customer.php, enabling data exfiltration or modification with limited scope impact. Publicly available exploit code exists and the vulnerability carries a low CVSS score (2.1) due to requirement for prior authentication and limited technical impact, though the public exploit availability increases practical exploitation risk for unpatched instances.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11405 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /del_tax.php. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited technical impact, but publicly available exploit code exists and the EPSS score of 0.03% indicates minimal real-world exploitation probability despite public POC availability.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11404 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the percentage argument in /pages/save_tax.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists, though EPSS score of 0.03% suggests low real-world exploitation probability despite the SQL injection capability.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11403 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_booking.php, enabling unauthorized database queries with limited impact on confidentiality and integrity. Publicly available exploit code exists, but the EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, likely due to authentication requirement and limited scope of impact.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11402 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_curr.php, enabling database query modification with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% indicates low real-world exploitation probability despite public disclosure, suggesting limited practical risk in typical deployments.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11401 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the currcode parameter in /pages/save_curr.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. CVSS 2.1 reflects the authentication requirement (PR:L) and restricted scope, but publicly available exploit code exists despite low EPSS score (0.03%), suggesting this is a low-priority threat suitable only for defense-in-depth and secure coding reviews rather than emergency patching.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11400 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_room.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists; however, EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, suggesting this is primarily a security researcher proof-of-concept rather than an active threat.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11399 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the floorno parameter in /pages/save_room.php, affecting data confidentiality and integrity with limited scope. CVSS score of 2.1 reflects low severity due to authentication requirement and limited impact, though publicly available exploit code exists and EPSS suggests minimal real-world exploitation probability at 0.03%.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11398 LOW POC Monitor

Unrestricted file upload vulnerability in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to upload arbitrary files via manipulation of the image parameter in /profile.php, with publicly available exploit code and low real-world risk despite network accessibility due to authentication requirement and minimal impact scope.

PHP Authentication Bypass File Upload Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 2.1 | EPSS: 0.0%
CVE-2025-11397 MEDIUM POC This Month

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Manipulation of the argument email results in SQL injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0: 5.5 | EPSS: 0.0%
