← Back
2026-03-26 12:23CVE-2026-4875VulDB
PUBLISHED5.2ApplicationCWE-434CWE-284x_freeware

itsourcecode Free Hotel Reservation System index.php unrestricted upload

A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Problem type

Affected products

itsourcecode

Free Hotel Reservation System

1.0 - AFFECTED

References

VDB-353558 | itsourcecode Free Hotel Reservation System index.php unrestricted upload

https://vuldb.com/?id.353558

vdb-entrytechnical-description
VDB-353558 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.353558

signaturepermissions-required
Submit #776245 | itsourcecode Free Hotel Reservation System V1.0 Unrestricted Upload

https://vuldb.com/?submit.776245

third-party-advisory
github.com

https://github.com/bybinyu/Vulnerability-Practice/issues/4

exploitissue-tracking
itsourcecode.com

https://itsourcecode.com/

product

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-4875
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-4875",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-26T12:23:31.296Z",
    "dateReserved": "2026-03-26T06:09:30.524Z",
    "datePublished": "2026-03-26T12:23:31.296Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-26T12:23:31.296Z"
      },
      "title": "itsourcecode Free Hotel Reservation System index.php unrestricted upload",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of the argument image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "affected": [
        {
          "vendor": "itsourcecode",
          "product": "Free Hotel Reservation System",
          "cpes": [
            "cpe:2.3:a:itsourcecode:free_hotel_reservation_system:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Unrestricted Upload",
              "cweId": "CWE-434",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Access Controls",
              "cweId": "CWE-284",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.353558",
          "name": "VDB-353558 | itsourcecode Free Hotel Reservation System index.php unrestricted upload",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.353558",
          "name": "VDB-353558 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.776245",
          "name": "Submit #776245 | itsourcecode Free Hotel Reservation System V1.0 Unrestricted Upload",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/bybinyu/Vulnerability-Practice/issues/4",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://itsourcecode.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 5.8
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-26T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-26T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-26T07:14:39.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "binyu (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}