CVE-2026-4876

MEDIUM NVD

CVSS Score 6.3

Severity MEDIUM

Published Mar 26, 2026

Vendor unknown

Description

A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

References

https://github.com/bybinyu/Vulnerability-Practice/issues/5
https://itsourcecode.com/
https://vuldb.com/?ctiid.353559
https://vuldb.com/?id.353559
https://vuldb.com/?submit.777352