CVE-2020-21012

CRITICAL

Sourcecodester Hotel and Lodge Management System 2.0 - Unauthenticated SQL Injection via Email Parameter

Title source: llm
STIX 2.1

Description

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.0345
EPSS Percentile 87.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
hotel_and_lodge_booking_management_system_project/hotel_and_lodge_booking_management_system 2.0
Published Oct 01, 2021
Tracked Since Feb 18, 2026