cve/2019/CVE-2019-18387.md

### [CVE-2019-18387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18387)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.

### POC

#### Reference
- https://www.sevenlayers.com/index.php/266-hotel-and-lodge-management-system-1-0-sqli
- https://www.sevenlayers.com/index.php/266-hotel-and-lodge-management-system-1-0-sqli

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-18387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18387)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.`

			`### POC`

			`#### Reference`
			`- https://www.sevenlayers.com/index.php/266-hotel-and-lodge-management-system-1-0-sqli`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://www.sevenlayers.com/index.php/266-hotel-and-lodge-management-system-1-0-sqli`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`