A vulnerability was found in SourceCodester Online Resort Management System 1.0 . It has been rated as critical . This affects an unknown part of the file /orms/admin/activities/manage_activity.php . The manipulation leads to sql injection. This vulnerability is documented as CVE-2026-36942 . The attack can be initiated remotely. There is not any exploit available.