| Title | code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection |
|---|
| Description | A vulnerability was found in Hotel and Tourism Reservation In PHP 1.0 on code-projects.org. The affected file is /ht/admin/rooms.php of the component Room Management Page. The manipulation of the GET parameter 'delete' with a crafted payload leads to SQL Injection (Time-based Blind).
Payload used:
150'XOR(15*if(now()=sysdate(),sleep(6),0))XOR'Z
The application directly concatenates user input into backend SQL queries without sanitization or parameterized queries. The attack can be initiated remotely without authentication.
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5 (High)
Vendor was contacted on 2026-06-06 via email. No response received.
Advisory: https://raw.githubusercontent.com/anubhavv106/Security-Advisories/refs/heads/main/Hotel-Tourism-Reservation-rooms.php-SQLi.md
Product: https://code-projects.org/hotel-and-tourism-reservation-in-php-with-source-code/ |
|---|
| Source | ⚠️ https://raw.githubusercontent.com/anubhavv106/Security-Advisories/refs/heads/main/Hotel-Tourism-Reservation-rooms.php-SQLi.md |
|---|
| User | anubhav106 (UID 98769) |
|---|
| Submission | 06/06/2026 01:03 PM (29 days ago) |
|---|
| Moderation | 04/07/2026 06:28 PM (28 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 376351 [code-projects Hotel and Tourism Reservation 1.0 Room Management Page /admin/rooms.php delete SQL Injection] |
|---|
| Points | 20 |
|---|