PatchSiren cyber security CVE debrief
CVE-2026-11342 code-projects CVE debrief
A SQL injection vulnerability has been discovered in the Hotel and Tourism Reservation System 1.0. This vulnerability affects an unknown function of the file /details.php and can be exploited remotely by manipulating the 'room' argument. The vulnerability has been publicly disclosed and can be used by attackers. The CVSS score for this vulnerability is 5.5, indicating a medium severity.
- Vendor: code-projects
- Product: Hotel and Tourism Reservation System
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-05
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-05
Who should care
Administrators and users of the Hotel and Tourism Reservation System 1.0 should be aware of this vulnerability and take necessary steps to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input validation of the 'room' argument in /details.php, which allows attackers to inject malicious SQL code. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
Medium
Recommended defensive actions
- Update the Hotel and Tourism Reservation System 1.0 to the latest version.
- Use prepared statements with parameterized queries to prevent SQL injection.
- Limit database privileges to the minimum required for the application.
- Monitor the system for suspicious activity.
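The prepared-statement advice above, combined with strict validation of 'room', as an added PHP example that is not the vendor's code. The `rooms` table, its columns, and the `parse_room_id` and `fetch_room` helpers are hypothetical (the advisory does not show the real /details.php code), and an in-memory SQLite database stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and helper names: the advisory does not disclose the
// real query, table or columns used by /details.php. Requires PHP 8.0+.

/** Accept the 'room' request value only if it is a positive integer string. */
function parse_room_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value or array input (room[]=...) is rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one room with a bound parameter; input never becomes SQL text. */
function fetch_room(PDO $pdo, int $roomId): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, price FROM rooms WHERE id = :id');
    $stmt->bindValue(':id', $roomId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rooms (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$pdo->exec("INSERT INTO rooms (id, name, price) VALUES (1, 'Deluxe', 120.0), (2, 'Suite', 200.0)");

// Constructed request values: valid id, non-integer string, array, unknown id.
foreach (['2', '2abc', ['x'], '99'] as $raw) {
    $id = parse_room_id($raw);
    if ($id === null) {
        // Rejections are logged so repeated malformed values show up in monitoring.
        error_log('details.php: rejected room value ' . json_encode($raw));
        echo "400 Bad Request\n";
        continue;
    }
    $room = fetch_room($pdo, $id);
    echo $room === null ? "404 Not Found\n" : "200 {$room['name']}\n";
}
```

In production the PDO connection should use a database account limited to the `SELECT` privileges this page needs, in line with the least-privilege item above.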
Evidence notes
The vulnerability has been publicly disclosed and can be used by attackers. The CVSS score for this vulnerability is 5.5, indicating a medium severity.
Official resources
CVE-2026-11342 was published on 2026-06-05T18:17:04.733Z and modified on 2026-06-05T19:02:13.790Z.