CVE-2026-4612 in itsourcecode Free Hotel Reservation System
Résumé (Anglaise)
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Divulgation
24/03/2026
Entrées
| ID | Vulnérabilité | CWE | Base | Temp | 0day | Aujourd'hui | Exp | KEV | EPSS | CTI | Con | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 352476 | itsourcecode Free Hotel Reservation System Parameter index.php injection SQL | 89 | 7.3 | 6.9 | $0-$5k | $0-$5k | Preuve de concept | 0.00039 | 0.32 | Non défini | CVE-2026-4612 |