{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-4612/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-4612","sql-injection","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe itsourcecode Free Hotel Reservation System 1.0 is vulnerable to SQL injection (CVE-2026-4612). The vulnerability resides in the Parameter Handler component, specifically affecting the \u003ccode\u003e/hotel/admin/mod_users/index.php\u003c/code\u003e script. By manipulating the \u003ccode\u003eaccount_id\u003c/code\u003e parameter, a remote attacker can inject arbitrary SQL commands into the application\u0026rsquo;s database queries. The vulnerability was reported in March 2026 and has a CVSS v3.1 score of 7.3 (HIGH). Publicly available exploit code increases the…\u003c/p\u003e\n","date_modified":"2026-03-24T14:00:00Z","date_published":"2026-03-24T14:00:00Z","id":"/briefs/2026-03-hotel-reservation-sqli/","summary":"A SQL injection vulnerability (CVE-2026-4612) exists in itsourcecode Free Hotel Reservation System 1.0 within the Parameter Handler component, allowing remote attackers to execute arbitrary SQL commands via the account_id parameter in the /hotel/admin/mod_users/index.php script.","title":"SQL Injection Vulnerability in Free Hotel Reservation System 1.0","url":"https://feed.craftedsignal.io/briefs/2026-03-hotel-reservation-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-4612","version":"https://jsonfeed.org/version/1.1"}