5 matches found
CVE-2024-8951
The CVE-2024-8951 entry covers a cross-site scripting vulnerability in SourceCodester Resort Reservation System 1.0, arising from manipulation of the toview argument in the manage_fee.php file. The vulnerability is described as exploitable remotely, with public disclosure of the exploit. Connecte...
CVE-2026-3771
The CVE applies to SourceCodester/janobe Resort Reservation System 1.0, specifically the vulnerability in /accomodation.php where manipulating the q parameter leads to SQL injection. This is a remote, publicly disclosed issue with potential high impact on confidentiality, integrity, and availabil...
CVE-2026-3800
SourceCodester/janobe Resort Reservation System 1.0 is affected by CVE-2026-3800. The vulnerability lies in the doInsert function of /controller.php?action=add, where manipulation of the image argument enables unrestricted file upload. This could allow remote attackers to upload arbitrary files. ...
CVE-2026-3806
CVE-2026-3806 affects SourceCodester/janobe Resort Reservation System 1.0. The vulnerability is a SQL injection in an unknown handling of /room_rates.php triggered by the q parameter. Exploitation can be conducted remotely; the exploit has been publicly released and PoCs exist. No remediation det...
CVE-2026-3819
SourceCodester Resort Reservation System 1.0 contains a cross-site scripting (XSS) vulnerability in the Reservation Management module. The issue arises from manipulation of an argument ID in the file /?page=manage_reservation, enabling remote execution of XSS. The description notes the exploit ha...