Submission #850366: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Title: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection
Description: A vulnerability was found in Hotel and Tourism Reservation In PHP 1.0 on code-projects.org. The affected file is /ht/admin/add_tour.php of the component Tour Management Page. The manipulation of the GET parameter 'delete_image' with a crafted payload leads to SQL Injection (Time-based Blind).

Payload used: (select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'*/

Additional vulnerable parameter: GET 'edit'.

The application directly concatenates user input into backend SQL queries without sanitization or parameterized queries. The attack can be initiated remotely without authentication.

CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5 (High)

Vendor was contacted on 2026-06-06 via email. No response received.

Advisory: https://raw.githubusercontent.com/anubhavv106/Security-Advisories/refs/heads/main/Hotel-Tourism-Reservation-add_tour.php-SQLi.md
Product: https://code-projects.org/hotel-and-tourism-reservation-in-php-with-source-code/
Source: https://raw.githubusercontent.com/anubhavv106/Security-Advisories/refs/heads/main/Hotel-Tourism-Reservation-add_tour.php-SQLi.md
User: anubhav106 (UID 98769)
Submission: 2026-06-06 07:06 AM (29 days ago)
Moderation: 2026-07-04 05:56 PM (28 days later)
Status: Accepted
VulDB entry: 376345 [code-projects Hotel and Tourism Reservation 1.0 Tour Management Page /admin/add_tour.php delete_image SQL injection]
Points: 20