A vulnerability was found in itsourcecode Online Hotel Management System 1.0 . It has been declared as critical . Affected by this issue is some unknown functionality of the file /admin/mod_users/controller.php?action=add . The manipulation of the argument Name results in sql injection. This vulnerability is reported as CVE-2026-13555 . The attack can be launched remotely. Moreover, an exploit is present.