PatchSiren

claudiopizzillo CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL claudiopizzillo CVE published 2026-06-18

CVE-2026-54419

The PIAF-HMS (PBX-In-A-Flash Hotel Management System) by Claudiop Pizzillo contains multiple unauthenticated SQL injection vulnerabilities. The application lacks an authentication mechanism and directly injects user-supplied HTTP parameters into deprecated mysql_query() calls without sanitization, escaping, or parameterization. Affected components include rooms.php, checkuser.php, ec.php, checkin.php, wak [truncated]