Hotel Management System
by Tushar 2223
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7506 | Hig | 0.47 | 7.3 | 0.00 | Apr 30, 2026 | A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to sql injection. The attack may be launched remotely. The exploit has been… | ||
| CVE-2026-6142 | Hig | 0.47 | 7.3 | 0.00 | Apr 13, 2026 | A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote… | ||
| CVE-2025-14207 | Hig | 0.47 | 7.3 | 0.00 | Dec 8, 2025 | A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to… | ||
| CVE-2026-2553 | Med | 0.41 | 6.3 | 0.00 | Feb 16, 2026 | A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results… | ||
| CVE-2026-6492 | Med | 0.34 | 5.3 | 0.00 | Apr 17, 2026 | A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in… | ||
| CVE-2025-63949 | 0.00 | — | 0.00 | Dec 18, 2025 | A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php. | |||
| CVE-2024-25315 | 0.00 | — | 0.01 | Feb 9, 2024 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2. | |||
| CVE-2024-25314 | 0.00 | — | 0.01 | Feb 9, 2024 | Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. | |||
| CVE-2022-36254 | 0.00 | — | 0.01 | Sep 12, 2022 | Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". |
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in SourceCodester Hotel Management System 1.0. This impacts an unknown function of the file /index.php/reservation/check. Such manipulation of the argument room_type leads to sql injection. The attack may be launched remotely. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to…
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Name/Email results…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in…
- CVE-2025-63949Dec 18, 2025risk 0.00cvss —epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php.
- CVE-2024-25315Feb 9, 2024risk 0.00cvss —epss 0.01
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.
- CVE-2024-25314Feb 9, 2024risk 0.00cvss —epss 0.01
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.
- CVE-2022-36254Sep 12, 2022risk 0.00cvss —epss 0.01
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".