Skip to main content

Online Hotel Management System

3 CVEs product

Monthly

CVE-2026-14688 MEDIUM POC This Month

SQL injection in itsourcecode Online Hotel Management System 1.0 exposes the admin login endpoint to remote unauthenticated exploitation via an unsanitized `email` parameter in `/admin/login.php`. A public proof-of-concept is available on GitHub (reflected in the CVSS 4.0 E:P metric), meaning exploitation requires minimal technical skill and is accessible to opportunistic attackers. No CISA KEV listing has been identified, but the zero-authentication barrier combined with available exploit code makes this a practical risk for any internet-exposed deployment.

SQLi PHP Online Hotel Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2023-34487 CRITICAL POC Act Now

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34486 MEDIUM POC This Month

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Hotel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode Online Hotel Management System 1.0 exposes the admin login endpoint to remote unauthenticated exploitation via an unsanitized `email` parameter in `/admin/login.php`. A public proof-of-concept is available on GitHub (reflected in the CVSS 4.0 E:P metric), meaning exploitation requires minimal technical skill and is accessible to opportunistic attackers. No CISA KEV listing has been identified, but the zero-authentication barrier combined with available exploit code makes this a practical risk for any internet-exposed deployment.

SQLi PHP Online Hotel Management System
NVD VulDB GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Management System
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy