Unauthenticated SQL Injection in Sourcecodester Hotel and Lodge Management System 2.0

Unauthenticated SQL Injection in Sourcecodester Hotel and Lodge Management System 2.0

CVE-2020-21012 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.