CVE-2019-25750
Joomla J-MultipleHotelReservation 6.0.7 SQL Injection
CVSS Score
8.2
EPSS Score
0.0%
EPSS Percentile
0th
Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL UNION SELECT statements to extract sensitive database information including table names and column data.
| CWE | CWE-89 |
| Vendor | cmsjunkie |
| Product | multiplehotelreservation |
| Published | Jun 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for cmsjunkie multiplehotelreservation
Be the first to know when new high vulnerabilities affecting cmsjunkie multiplehotelreservation are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
Cmsjunkie / MultipleHotelReservation
6.0.7
References
exploit-db.com: https://www.exploit-db.com/exploits/46232 cmsjunkie.com: http://cmsjunkie.com/ extensions.joomla.org: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jmultiplehotelreservation/ vulncheck.com: https://www.vulncheck.com/advisories/joomla-j-multiplehotelreservation-sql-injection
Credits
Ihsan Sencan