CVE-2026-13552 itsourcecode Online Hotel Management System controller.php edit sql injection

A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unknown function of the file /admin/modamenities/controller.php?action=edit. Performing a manipulation of the argument amenid results in sql injection. It is possible to initiate the attack remotely...

CVE-2026-34358 CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal.

...

PT-2024-30144 · Unknown · Kashipara Hotel Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: An Incorrect Access Control issue was found in the /admin/edit room controller.php file, allowing an unauthenticated attacker to edit valid hotel room entries in the administrator...

Bolt CMS 路径遍历漏洞

Bolt is a simple CMS written in PHP. A directory traversal vulnerability exists in Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in versions of Bolt prior to 4.1.13. No detailed vulnerability details are provided at this time...