| शीर्षक | code-projects Hotel and Tourism Reservation System 1.0 SQL Injection |
|---|
| विवरण | A critical SQL Injection vulnerability exists in the tour GET parameter of tour.php in Hotel and Tourism Reservation System 1.0. The parameter is passed directly into a raw SQL query with no sanitization, no prepared statements, and no input validation. An unauthenticated remote attacker can manipulate the query to extract, modify, or delete any data in the database. The vulnerability was confirmed by a full database dump using sqlmap. |
|---|
| स्रोत | ⚠️ https://github.com/Xmyronn/Hotel-and-Tourism-Reservation-System---Unauthenticated-SQL-Injection.git |
|---|
| उपयोगकर्ता | imad alvi (UID 97088) |
|---|
| सबमिशन | 11/05/2026 08:55 PM (24 दिन पहले) |
|---|
| संयम | 31/05/2026 06:41 PM (20 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367583 [code-projects Hotel and Tourism Reservation System 1.0 GET Parameter tour.php tour SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|