A vulnerability has been found in itsourcecode Online Hotel Management System 1.0 and classified as critical . This impacts an unknown function of the file /admin/mod_amenities/controller.php?action=edit . Performing a manipulation of the argument amen_id results in sql injection. This vulnerability is cataloged as CVE-2026-13552 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available.