CVE-2026-3730 PUBLISHED

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

• ysi6701 (VulDB User) reporter

• VDB-349708 | itsourcecode Free Hotel Reservation System index.php sql injection
• VDB-349708 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #767010 | itsourcecode Free Hotel Reservation System V1.0 SQL Injection
• Submit #767385 | itsourcecode Free Hotel Reservation System V1.0 SQL Injection (Duplicate)
• https://github.com/anon387tdug/anon387/issues/1
• https://github.com/yihaofuweng/cve/issues/62
• https://itsourcecode.com/

• SQL Injection CWE
• Injection CWE