Submit #624801: Campcodes Online Hotel Reservation System V1.0 SQL Injection

Info

Title: Campcodes Online Hotel Reservation System V1.0 SQL Injection

Description:

Vulnerability Type: SQL injection

Root Cause: The Online Hotel Reservation System project has an SQL injection vulnerability in the /admin/index.php backend login box. The site can be logged into directly with the or 1=1 "universal password", because the input is used directly in SQL queries without appropriate sanitization or validation. This lets attackers forge input values, thereby manipulating SQL queries and performing unauthorized operations.

Impact: Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.

DESCRIPTION: An SQL injection vulnerability was found in the /admin/index.php backend login box of the Online Hotel Reservation System project. The site can be logged into directly with the or 1=1 "universal password", because the input is used directly in SQL queries without appropriate sanitization or validation. The reason is that the '/admin/login.php' file receives the login request data and passes it into the database query. The SQL statement is built by direct concatenation without filtering, so there are few restrictions on it, and the lack of filtering creates a security risk.
Source: https://github.com/XiaoJiesecqwq/sql/issues/1
User: Anonymous User
Submission: 29/07/2025 02:55 PM (11 months ago)
Moderation: 30/07/2025 07:54 PM (1 day later)
Status: Accepted
VulDB entry: 318356 [Campcodes Online Hotel Reservation System 1.0 Login /admin/index.php username/password SQL Injection]
Points: 20
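
The root cause named in the description, a login query built by concatenating request data, is shown here beside the parameterized form that fixes it. This is an added example, not code from the submission or from the Campcodes project; the table and column names, the sample account, and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. Table and column names, the sample
// account and the SQLite in-memory database are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
// Password hashing is a separate concern and is left out to keep the focus
// on how the query is built.
$db->exec("INSERT INTO admin (username, password) VALUES ('admin', 'constructed-sample')");

// Pattern the report describes: request data concatenated into the statement,
// so a quote in the input changes the structure of the WHERE clause.
function login_concatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM admin WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Corrected form: the statement text is fixed and the input is bound as data.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT id FROM admin WHERE username = ? AND password = ?');
    $stmt->execute([$user, $pass]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: a valid login, a wrong password, and the "or 1=1" input.
$cases = [
    'valid credentials'  => ['admin', 'constructed-sample'],
    'wrong password'     => ['admin', 'nope'],
    'or 1=1 in username' => ["' or 1=1 -- ", 'anything'],
];
foreach ($cases as $label => [$user, $pass]) {
    printf("%-20s concatenated=%s prepared=%s\n", $label,
        var_export(login_concatenated($db, $user, $pass), true),
        var_export(login_prepared($db, $user, $pass), true));
}
```

Only the concatenated version accepts the third input, because there the quote ends the string literal and the rest is parsed as SQL; with bound parameters the same bytes are compared as a literal username.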
