CVE-2026-3800
SourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted upload
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
| CWE | CWE-434 CWE-284 |
| Vendor | sourcecodester |
| Product | resort reservation system |
| Published | Mar 9, 2026 |
| Last Updated | Mar 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for sourcecodester resort reservation system
Be the first to know when new medium vulnerabilities affecting sourcecodester resort reservation system are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
SourceCodester / Resort Reservation System
1.0
janobe / Resort Reservation System
1.0
References
vuldb.com: https://vuldb.com/?id.349767 vuldb.com: https://vuldb.com/?ctiid.349767 vuldb.com: https://vuldb.com/?submit.768978 vuldb.com: https://vuldb.com/?submit.768998 github.com: https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Resort-Reservation-System---Unrestricted-Upload.md
Credits
๐ webray.com.cn (VulDB User)