Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in its admin login functionality. Unauthenticated attackers can inject malicious SQL payloads into the 'username' parameter of POST requests to `index.php?action=processlogin`. This allows them to bypass authentication, extract sensitive database information, or gain unauthorized administrative access.
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with action=processlogin to extract sensitive database information or gain unauthorized administrative access.
Wecodex Hotel CMS 1.0 installations are at high risk of unauthenticated attackers gaining administrative access and sensitive data through SQL injection.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected Products (1): wecodex / hotel_cms
References: 3