A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Link | Tags |
---|---|
https://gist.github.com/topsky979/4b22a22c73b16c7c22c06d4b3f033fdc | exploit third party advisory |