https://feed.craftedsignal.io/tags/cve-2026-4612/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 24 Mar 2026 14:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-hotel-reservation-sqli/Tue, 24 Mar 2026 14:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-hotel-reservation-sqli/A SQL injection vulnerability (CVE-2026-4612) exists in itsourcecode Free Hotel Reservation System 1.0 within the Parameter Handler component, allowing remote attackers to execute arbitrary SQL commands via the account_id parameter in the /hotel/admin/mod_users/index.php script.The itsourcecode Free Hotel Reservation System 1.0 is vulnerable to SQL injection (CVE-2026-4612). The vulnerability resides in the Parameter Handler component, specifically affecting the /hotel/admin/mod_users/index.php script. By manipulating the account_id parameter, a remote attacker can inject arbitrary SQL commands into the application’s database queries. The vulnerability was reported in March 2026 and has a CVSS v3.1 score of 7.3 (HIGH). Publicly available exploit code increases the…

]]>highadvisorycve-2026-4612sql-injectionweb-application