CVE-2026-3771 - Vulnerability Analysis
MediumCVSS: 6.3Last Updated: March 9, 2026
SourceCodester janobe Resort Reservation System - SQL Injection
Published: March 8, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable
Overview
SourceCodester janobe Resort Reservation System 1.0 contains a SQL injection caused by manipulation of the "q" argument in /accomodation.php, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request.
Severity & Score
Severity: Medium
CVSS Score: 6.3
Impact
Remote attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.
Mitigation
Update to the latest version or apply patches to fix the SQL injection vulnerability.
References
Related Resources
Details
- CVE ID
- CVE-2026-3771
- Severity
- Medium
- CVSS Score
- 6.3
- Type
- sql_injection
- Status
- confirmed
CWE
- CWE-74
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L