Description
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
Published: 2026-04-13
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Apply Patch
AI Analysis

Impact

A SQL injection flaw exists in the file /orms/admin/rooms/manage_room.php of Sourcecodester Online Resort Management System v1.0. The weakness allows an attacker to inject arbitrary SQL statements, potentially exposing or modifying sensitive data stored in the database. This vulnerability is categorized as CWE-89, indicating improper handling of user-supplied input in database queries.

Affected Systems

The affected product is Sourcecodester Online Resort Management System, version 1.0. No other vendors or versions are listed. Users running unpatched instances of this version are at risk.

Risk and Exploitability

The CVSS score is 2.7, indicating low severity, and the EPSS score is not available, making the exact exploit likelihood unclear. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the web interface, but no explicit remote or local execution details are provided. Given the nature of the flaw, any user with access to the affected page could potentially exploit the injection if input is not validated.

Generated by OpenCVE AI on April 13, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether an updated version or patch is available from Sourcecodester and apply it if possible.
  • If no patch exists, modify the application to use parameterized queries or prepared statements for all database interactions involving user input.
  • Restrict access to /orms/admin/rooms/manage_room.php to authorized administrative users only.

Generated by OpenCVE AI on April 13, 2026 at 22:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Sourcecodester Online Resort Management System

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Resort Management System
Vendors & Products Sourcecodester
Sourcecodester online Resort Management System

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.
References

Subscriptions

Sourcecodester Online Resort Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-13T20:21:23.952Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36941

cve-icon Vulnrichment

Updated: 2026-04-13T20:21:13.288Z

cve-icon NVD

Status : Deferred

Published: 2026-04-13T15:17:34.170

Modified: 2026-06-17T10:41:24.057

Link: CVE-2026-36941

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:35:45Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')