
CVE-2026-7506: SourceCodester Hotel Management System SQL Injection

CVE-2026-7506
Summary

SourceCodester Hotel Management System 1.0 has a SQL injection flaw in its reservation check feature (/index.php/reservation/check). An attacker who manipulates the room_type argument sent to that feature can inject SQL code, potentially gaining access to sensitive data. The vulnerability can be exploited remotely, and because the exploit has been publicly disclosed, attackers may try to use it. It is essential that system administrators update or patch the system to prevent attacks.

Original title
A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type ...
Original description
A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
NVD CVSS 2.0: 7.5
NVD CVSS 3.1: 7.3
NVD CVSS 4.0: 5.5
Vulnerability type
CWE-74 Injection
CWE-89 SQL Injection
Published: 30 Apr 2026 · Updated: 15 Jun 2026 · First seen: 1 May 2026