SQL Injection Vulnerability in Hotel Management System by Unknown Vendor
CVE-2024-42556

9.8CRITICAL

Key Information:

Vendor: Unknown Vendor
Status: Hotel Management System
Vendor: CVE Published:; 20 August 2024

🔔 Create Unknown Vendor Vulnerability Alert

What is CVE-2024-42556?

A vulnerability was identified in the Hotel Management System that allows for SQL injection through the room_type parameter in the admin_room_removed.php file. This flaw can be exploited by an attacker to manipulate database queries, potentially leading to unauthorized data access or data manipulation. It is critical for users of the Hotel Management System to review their implementations for this vulnerability and apply necessary security measures.

References

https://gist.github.com/topsky979/9688bcdd3e05ba79ebf4ff1...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2024
Vulnerability Reserved
Aug 5, 2024

CVE-2024-42556 Data

JSON