| Title | code-projects Hotel And Tourism Reservation System 1.0 SQL Injection |
|---|---|
| Description | Multiple SQL injection vulnerabilities were discovered in details.php of the Hotel And Tourism Reservation System. The $_GET['room'] parameter is directly concatenated into SELECT and UPDATE queries without sanitization, and multiple $_POST parameters (fullname, in_date, out_date, phone, people, email) are concatenated into an INSERT query. These flaws allow any unauthenticated remote attacker to extract sensitive database information, modify reservation records, and potentially compromise the entire application backend. |
| Source | ⚠️ https://github.com/khanfyhhfgfe-cmyk/ht-sql/blob/main/ht_sql.md |
| User | 12139xxl (UID 98367) |
| Submission | 2026-05-19 08:08 AM (23 days ago) |
| Moderation | 2026-06-05 10:20 AM (17 days later) |
| Status | Accepted |
| VulDB Entry | 368883 [code-projects Hotel and Tourism Reservation System 1.0 /details.php room SQL injection] |
| Points | 20 |