CVE-2026-3800

CWE-284 — Improper Access Control CWE-434 — Unrestricted File Upload16 documents4 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 87.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Janobe Resort Reservation System Sourcecodester Resort Reservation System Oretnom23 Resort Reservation System

Timeline

PublishedMar 9

Latest updateMar 10

Description

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5janobe/resort_reservation_system1.0

▶CVEListV5sourcecodester/resort_reservation_system1.0

▶NVDoretnom23/resort_reservation_system1.0

🔴Vulnerability Details

GHSA

GHSA-q5gc-m94w-rw4r: A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1↗2026-03-09

▶

CVEList

SourceCodester/janobe Resort Reservation System controller.php doInsert unrestricted upload↗2026-03-09

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2026-3545 Insufficient data validation in Navigation↗2026-03-10

▶

Microsoft

Chromium: CVE-2026-3539 Object lifecycle issue in DevTools↗2026-03-10

▶

Microsoft

Chromium: CVE-2026-3542 Inappropriate implementation in WebAssembly↗2026-03-10

▶

Microsoft

Chromium: CVE-2026-3543 Inappropriate implementation in V8↗2026-03-10

▶

Microsoft

Chromium: CVE-2026-3538 Integer overflow in Skia↗2026-03-10

▶