GHSA-v8jc-3fg2-vvgcHighCVSS 8.2

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that...

Published
June 19, 2026
Last Modified
June 19, 2026

🔗 CVE IDs covered (1)

📋 Description

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL UNION SELECT statements to extract sensitive database information including table names and column data.

🔗 References (6)