Submit #850343: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Title: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Description: A vulnerability was found in Hotel and Tourism Reservation In PHP 1.0 on code-projects.org. The affected file is /ht/tour.php of the component Tour Booking Page. The manipulation of the POST parameter 'name' with a crafted payload leads to SQL Injection (Time-based Blind).

Payload used: test'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z

The application directly concatenates user input into backend SQL queries without sanitization or parameterized queries. The vulnerability requires no authentication and can be initiated remotely without user interaction.

Additional vulnerable parameters in the same file: 'number', 'people' (POST).

CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5 (High)

Vendor was contacted on 2026-06-06 via email. No response received.

Advisory: https://medium.com/@avdzav10/sql-injection-in-hotel-and-tourism-reservation-system-php-1-0-tour-php-848b3c2a885b
Product: https://code-projects.org/hotel-and-tourism-reservation-in-php-with-source-code/

Source: https://medium.com/@avdzav10/sql-injection-in-hotel-and-tourism-reservation-system-php-1-0-tour-php-848b3c2a885b
User: anubhav106 (UID 98769)
Submission: 06/06/2026 06:22 AM (29 days ago)
Moderation: 04/07/2026 05:54 PM (28 days later)
Status: Duplicate
VulDB entry: 367583 [code-projects Hotel and Tourism Reservation System 1.0 GET Parameter tour.php tour SQL injection]
Points: 0
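
The description attributes the flaw to concatenating the 'name', 'number' and 'people' POST values into SQL. The following added example (not the project's code and not from the submitter) shows the corrected pattern: validate each field, then pass it as a bound parameter. The `tour_booking` table, its columns, the validation limits, the assumption that the page inserts a row, and the use of in-memory SQLite in place of the application's MySQL database are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. The tour_booking table and its columns are
// hypothetical, and in-memory SQLite stands in for the application's MySQL database.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tour_booking (
        id INTEGER PRIMARY KEY, name TEXT, number TEXT, people INTEGER)');
    return $pdo;
}

// Validate the three POST fields named in the report, then bind them as
// parameters so their content can never change the structure of the statement.
function bookTour(PDO $pdo, array $post): int
{
    $name   = $post['name'] ?? null;
    $number = $post['number'] ?? null;   // assumed here to be a phone number
    $people = filter_var($post['people'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 50]]);

    if (!is_string($name) || $name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('invalid name');
    }
    if (!is_string($number) || !preg_match('/^\+?[0-9]{6,15}$/', $number)) {
        throw new InvalidArgumentException('invalid number');
    }
    if ($people === false) {
        throw new InvalidArgumentException('invalid people');
    }

    $stmt = $pdo->prepare(
        'INSERT INTO tour_booking (name, number, people) VALUES (:name, :number, :people)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':number', $number, PDO::PARAM_STR);
    $stmt->bindValue(':people', $people, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

$pdo = openDemoDb();
// Constructed request: the 'name' value is the string quoted in the report.
$reported = "test'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z";
$id = bookTour($pdo, ['name' => $reported, 'number' => '5550100123', 'people' => '2']);
$stored = $pdo->query('SELECT name FROM tour_booking WHERE id = ' . $id)->fetchColumn();
echo $stored === $reported ? "stored as literal text\n" : "unexpected value\n";
```

When the same code targets MySQL through PDO, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver send the statement and the values to the server separately.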
