Impact
An input validation flaw in /admin/login.php allows an attacker to inject arbitrary SQL through the email parameter: the supplied value reaches the database query without being validated or parameterised, so a crafted email value changes the logic of the query. The vulnerability is exploitable over the network and public exploit code exists, so an unauthenticated remote attacker can gain unauthorized access to the underlying database. Successful exploitation can lead to disclosure or modification of sensitive data stored in the system.
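The following is an added illustration of the flaw class described above, not code from the Online Hotel Management System or from the vulnerability report. It is written in Python against an in-memory SQLite database rather than the product's PHP/MySQL stack; the users table, the sample account and the injected email value are all constructed for the demonstration. It places the string-built query (the pattern behind this class of bug) beside a parameterised lookup and a lookup that additionally validates the shape of the email before querying:

```python
import re
import sqlite3

# Constructed sample data (not from the real product): one administrator row.
# Passwords are stored in plaintext here only to keep the demonstration short;
# real code compares against a salted hash.
SAMPLE_USERS = [
    ("admin@example.com", "correct-horse-battery-staple"),
]

# Coarse e-mail shape check used as a defence-in-depth filter (assumed, not
# taken from the product).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def make_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, email, password):
    """Lookup with the query text built by string formatting.

    The email value is spliced straight into the SQL, so a quote or comment
    marker inside it becomes part of the statement instead of part of the data.
    """
    sql = (
        "SELECT id, email FROM users WHERE email = '%s' AND password = '%s'"
        % (email, password)
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, email, password):
    """Same lookup with bound parameters; the driver never treats the values as SQL."""
    sql = "SELECT id, email FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone()


def login_validated(conn, email, password):
    """Reject values not shaped like an e-mail address before querying, then
    use the parameterised lookup. Validation alone is not the fix; the bound
    parameters are."""
    if not EMAIL_RE.fullmatch(email):
        return None
    return login_safe(conn, email, password)


def demo():
    """Run the three lookups against one legitimate and one injected email value."""
    conn = make_db()
    # Constructed payload: closes the quoted string and turns the rest of the
    # statement, including the password comparison, into an SQL comment.
    injected = "admin@example.com' -- "
    return {
        "legit": login_safe(conn, "admin@example.com", "correct-horse-battery-staple"),
        "bypass": login_vulnerable(conn, injected, "wrong-password"),
        "blocked": login_safe(conn, injected, "wrong-password"),
        "rejected": login_validated(conn, injected, "wrong-password"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:8s} -> {row}")
```

Running the block shows the vulnerable lookup returning the administrator row for a wrong password, while the parameterised lookup returns nothing for the same input. The regex check is kept separate on purpose: it narrows what reaches the query, but only binding parameters removes the injection.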
Affected Systems
itsourcecode Online Hotel Management System version 1.0 is affected. No other version is named in the vulnerability report, so whether earlier or later releases share the flaw is not known.
Risk and Exploitability
The CVSS score of 6.9 rates the vulnerability as medium severity. No EPSS score is available, so the estimated probability of exploitation is unknown; however, the combination of a publicly available exploit and a network attack vector means it should be treated as likely to be attempted against exposed instances. The issue is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, which means CISA has not recorded confirmed in-the-wild exploitation, not that exploitation is not occurring; the public exploit can still be used by attackers.
OpenCVE Enrichment