CVE-2026-13552

Description

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/mod_amenities/controller.php?action=edit. Performing a manipulation of the argument amen_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

References

• https://github.com/Hh-176/CVE/issues/3
• https://itsourcecode.com/
• https://vuldb.com/cve/CVE-2026-13552
• https://vuldb.com/submit/843569
• https://vuldb.com/vuln/374560