CVE-2019-18387

CRITICAL

Sourcecodester Hotel and Lodge Management System 1.0 - Unauthenticated SQL Injection via id Parameter

Title source: llm
STIX 2.1

Description

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0140
EPSS Percentile 69.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
hotel_and_lodge_management_system_project/hotel_and_lodge_management_system 1.0
Published Oct 23, 2019
Tracked Since Feb 18, 2026