SQL Injection Vulnerability in Tushar-2223 Hotel Management System
CVE-2026-2553
Key Information:
- Vendor
Tushar-2223
- Status
- Vendor
- CVE Published:
- 16 February 2026
Badges
What is CVE-2026-2553?
A security vulnerability has been identified in the Tushar-2223 Hotel Management System affecting the HTTP POST Request Handler component, specifically the file /home.php. This flaw allows an attacker to manipulate arguments such as Name and Email, leading to SQL injection attacks that can be executed remotely. The exploit is known publicly, raising concerns over potential unauthorized data access or integrity breaches. Notably, Tushar-2223 employs a continuous delivery model with rolling releases, which complicates the tracking of affected versions. Despite early notifications sent to the vendor regarding this issue, no response has been received.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Hotel-Management-System bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved