Product
A high-severity SQL injection vulnerability, CVE-2026-14688, exists in itsourcecode Online Hotel Management System 1.0 within the `/admin/login.php` file via the `email` argument, allowing remote unauthenticated attackers to bypass authentication and potentially exfiltrate data, with a publicly available exploit.