SQL Injection Vulnerability in Free Hotel Reservation System 1.0
A SQL injection vulnerability (CVE-2026-4612) exists in itsourcecode Free Hotel Reservation System 1.0 within the Parameter Handler component, allowing remote attackers to execute arbitrary SQL commands via the account_id parameter in the /hotel/admin/mod_users/index.php script.
The itsourcecode Free Hotel Reservation System 1.0 is vulnerable to SQL injection (CVE-2026-4612). The vulnerability resides in the Parameter Handler component, specifically affecting the /hotel/admin/mod_users/index.php script. By manipulating the account_id parameter, a remote attacker can inject arbitrary SQL commands into the application’s database queries. The vulnerability was reported in March 2026 and has a CVSS v3.1 score of 7.3 (HIGH). Publicly available exploit code increases the…
Detection coverage (2 rules)
Detect SQL Injection Attempt via Account ID
Severity: high. Detects potential SQL injection attempts targeting the account_id parameter in the Free Hotel Reservation System.
Detect SQL Injection Attempt via URI
Severity: medium. Detects potential SQL injection attempts based on suspicious keywords in the URI.
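The two checks described above, sketched as an added example run over web access-log lines; this is not the platform's rule content, which the page does not show. It assumes a legitimate account_id is digits only, and the keyword list and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

TARGET_PATH = "/hotel/admin/mod_users/index.php"  # script named in the advisory
PARAM = "account_id"                              # parameter named in the advisory

# Hypothetical keyword list: SQL syntax that rarely appears in a benign query string.
SQL_HINTS = re.compile(
    r"\bunion\b.*\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|information_schema"
    r"|--|/\*|'\s*(?:or|and)\b",
    re.IGNORECASE,
)
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2026:10:01:02 +0000] "GET /hotel/admin/mod_users/index.php?account_id=7 HTTP/1.1" 200 5120
198.51.100.4 - - [12/Mar/2026:10:01:09 +0000] "GET /hotel/admin/mod_users/index.php?account_id=7%27%20OR%20%271 HTTP/1.1" 200 5231
198.51.100.4 - - [12/Mar/2026:10:01:15 +0000] "GET /hotel/index.php?q=1+UNION+SELECT+1 HTTP/1.1" 200 911
"""

def classify(uri):
    """Return 'high', 'medium' or None for a single request URI."""
    parts = urlsplit(uri)
    values = parse_qs(parts.query).get(PARAM, [])  # parse_qs URL-decodes values
    # Assumption: a legitimate account_id consists of ASCII digits only.
    bad = [v for v in values if not re.fullmatch(r"[0-9]+", v)]
    if parts.path == TARGET_PATH and bad:
        return "high"    # rule 1: non-numeric account_id on the affected script
    if SQL_HINTS.search(unquote_plus(parts.query)):
        return "medium"  # rule 2: SQL keywords anywhere in the decoded query string
    return None

def scan(log_text):
    """Return (severity, uri) for every flagged request in the log text."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if match and (severity := classify(match.group(1))):
            hits.append((severity, match.group(1)))
    return hits

if __name__ == "__main__":
    for severity, uri in scan(SAMPLE_LOG):
        print(f"{severity:6} {uri}")
```

Access logs normally record only the query string, so an account_id submitted in a request body needs inspection at a WAF or in application logging instead.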