CVE-2020-21012

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
01/10/2021
Last modified:
08/10/2021

Description

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools