Submission #850344: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Title: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Description:
A vulnerability was found in Hotel and Tourism Reservation In PHP 1.0 on code-projects.org. The affected file is /ht/admin/add_room.php of the component Room Management Page. The manipulation of the GET parameter 'delete_image' with a crafted payload leads to SQL Injection (Time-based Blind).

Payload used: 150'XOR(15*if(now()=sysdate(),sleep(6),0))XOR'Z

Additional vulnerable parameters: GET 'edit', POST 'description', 'number', 'price', 'rooms', 'type'.

The application directly concatenates user input into backend SQL queries without sanitization or parameterized queries. The attack can be initiated remotely without authentication.

CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5 (High)

Vendor was contacted on 2026-06-06 via email. No response received.

Advisory: https://medium.com/@avdzav10/sql-injection-in-hotel-and-tourism-reservation-system-php-1-0-admin-add-room-php-25149909c16a
Product: https://code-projects.org/hotel-and-tourism-reservation-in-php-with-source-code/

Source: ⚠️ https://medium.com/@avdzav10/sql-injection-in-hotel-and-tourism-reservation-system-php-1-0-admin-add-room-php-25149909c16a
User: anubhav106 (UID 98769)
Submitted: 2026-06-06 06:28 AM (29 days ago)
Moderation: 2026-07-04 05:56 PM (28 days later)
Status: Accepted
VulDB Entry: 376343 [code-projects Hotel and Tourism Reservation 1.0 /admin/add_room.php SQL injection]
Points: 20
