Description
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection
Action: Patch
AI Analysis

Impact

The vulnerability is an SQL injection flaw located in the /orms/admin/reservations/view_details.php page of Sourcecodester Online Resort Management System v1.0. Because the application does not properly sanitize user input before embedding it into a database query, an attacker who can send a crafted request may cause the database to execute unintended SQL statements. The weakness matches CWE‑89: Improper Neutralization of Special Elements Used in an SQL Command and could potentially expose or modify data stored in the system.

Affected Systems

Only the 1.0 release of Sourcecodester Online Resort Management System is known to be affected. The flaw exists specifically in the administrative reservations view endpoint, so installations that expose that URL are at risk. No other versions or products are mentioned as affected.

Risk and Exploitability

The CVSS score of 2.7 indicates a low overall severity, reflecting limited impact and a modest audience. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the likely attack vector is a publicly reachable web request to /orms/admin/reservations/view_details.php. An attacker who can reach the endpoint could inject SQL commands if no defensive controls are in place; the exact scope of compromise would depend on the database permissions granted to the application.

Generated by OpenCVE AI on April 13, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or upgrade to a newer version that addresses the SQL injection flaw.
  • If no patch is available, restrict external access to /orms/admin/reservations/view_details.php by configuring firewall rules or disabling the administrative interface until remediation.
  • Implement input validation and use parameterized queries to prevent injection in the application code.

Generated by OpenCVE AI on April 13, 2026 at 23:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in Sourcecodester Online Resort Management System Admin Reservations View

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Resort Management System
Vendors & Products Sourcecodester
Sourcecodester online Resort Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Description Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.
References

Subscriptions

Sourcecodester Online Resort Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:20:06.526Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36937

cve-icon Vulnrichment

Updated: 2026-04-13T20:19:53.677Z

cve-icon NVD

Status : Deferred

Published: 2026-04-13T16:16:29.927

Modified: 2026-06-17T10:41:23.760

Link: CVE-2026-36937

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:35:40Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')