CVE-2021-41511
Vendor
Description:
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication. A malicious user can store a malicious payload into the accommodations app and can hijack the PHPSESSID, then he can use to hijack a login session.
