itsourcecode Online Hotel Management System controller.php add unrestricted upload

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/mod_amenities/controller.php?action=add. Executing a manipulation of the argument image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used.

Basic Information

ID CVE-2026-13553

Source VulDB

Published Jun 29, 2026 at 09:00

Affected Product

Vendor itsourcecode

Product Online Hotel Management System

Version 1.0

Affected Versions itsourcecode Online Hotel Management System 1.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown function of the file /admin/mod_amenities/controller.php?action=add. Executing a manipulation of the argument image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used.",
    "published": "2026-06-29T09:00:11.093Z",
    "modified": "2026-06-29T09:00:11.093Z",
    "type": "cve",
    "title": "itsourcecode Online Hotel Management System controller.php add unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/374561\nhttps://vuldb.com/vuln/374561/cti\nhttps://vuldb.com/cve/CVE-2026-13553\nhttps://vuldb.com/submit/843570\nhttps://github.com/Hh-176/CVE/issues/4\nhttps://itsourcecode.com/",
    "id": "CVE-2026-13553",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "itsourcecode Online Hotel Management System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Online Hotel Management System",
    "version": "1.0",
    "vendor": "itsourcecode",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

itsourcecode Online Hotel Management System controller.php add unrestricted upload_CVE-2026-13553