CVE-2026-3806

MEDIUM 6.3

SourceCodester/janobe Resort Reservation System room_rates.php sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CWE	CWE-89 CWE-74
Vendor	sourcecodester
Product	resort reservation system
Published	Mar 9, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for sourcecodester resort reservation system

Be the first to know when new medium vulnerabilities affecting sourcecodester resort reservation system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

SourceCodester / Resort Reservation System

1.0

janobe / Resort Reservation System

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.349772 vuldb.com: https://vuldb.com/?ctiid.349772 vuldb.com: https://vuldb.com/?submit.768999 github.com: https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Resort-Reservation-System---SQLi2.md

Credits

🔍 webray.com.cn (VulDB User)