CVE-2026-36942 identifies a SQL injection vulnerability in Sourcecodester Online Resort Management System v1.0 specifically within the /orms/admin/activities/manage_activity.php file. This vulnerability arises from improper sanitization or validation of user input used in SQL queries, enabling attackers to inject malicious SQL commands. The CVE entry does not provide a CVSS score, remediation details, or evidence of active exploitation. The affected software is not a cloud service, and no official patch or workaround information is available.

Successful exploitation of this SQL injection vulnerability could allow an attacker to execute arbitrary SQL commands on the backend database. This may lead to unauthorized data disclosure, data modification, or other database integrity issues. The absence of known exploits suggests limited active targeting at this time. However, the vulnerability poses a significant risk to the confidentiality and integrity of data managed by the affected system.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider restricting access to the vulnerable functionality and applying input validation or web application firewall rules to detect and block SQL injection attempts. Monitor vendor channels for updates regarding patches or official mitigations.