Submit #850582: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Title: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Description: A vulnerability was found in Hotel and Tourism Reservation In PHP 1.0 on code-projects.org. The affected file is /ht/admin/add_event.php of the component Event Management Page. The manipulation of the POST parameter 'fdetails' with a crafted payload leads to SQL Injection (Time-based Blind).

Payload used: 5550'XOR(555*if(now()=sysdate(),sleep(6),0))XOR'Z

The application directly concatenates user input into backend SQL queries without sanitization or parameterized queries. The attack can be initiated remotely without authentication.

CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5 (High)

Vendor was contacted on 2026-06-06 via email. No response received.

Advisory: https://raw.githubusercontent.com/anubhavv106/Security-Advisories/refs/heads/main/Hotel-Tourism-Reservation-add_event.php_SQLi.md
Product: https://code-projects.org/hotel-and-tourism-reservation-in-php-with-source-code/

Source: ⚠️ https://raw.githubusercontent.com/anubhavv106/Security-Advisories/refs/heads/main/Hotel-Tourism-Reservation-add_event.php_SQLi.md
User: anubhav106 (UID 98769)
Submission: 06/06/2026 13:07 (28 days ago)
Moderation: 04/07/2026 18:28 (28 days later)
Status: Accepted
VulDB entry: 376353 [code-projects Hotel and Tourism Reservation 1.0 Event Management Page /admin/add_event.php fdetails SQL Injection]
Points: 20
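
The root cause named in the description (user input concatenated into the query, reachable without authentication) is addressed by binding 'fdetails' as a parameter and gating the page behind a session check. The following is an added example, not code from the advisory or from the project; the table `events`, column `details`, session key `admin_id`, the length limit and the connection parameters are assumptions.

```php
<?php
// Added example: hypothetical hardened handler, not the project's own code.
// Assumed names: table `events`, column `details`, session key `admin_id`,
// and the connection parameters used below.
declare(strict_types=1);

// Make mysqli throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Pattern the advisory describes (kept as a comment for contrast):
//   $sql = "INSERT INTO events (details) VALUES ('" . $_POST['fdetails'] . "')";
//   mysqli_query($db, $sql);
// A quote inside fdetails closes the string literal, so the remainder of
// the value is parsed as SQL.

function add_event(mysqli $db, string $details): int
{
    // The value travels as a bound parameter, separate from the statement
    // text, so quotes and SQL keywords in it are stored as plain data.
    $stmt = $db->prepare('INSERT INTO events (details) VALUES (?)');
    $stmt->bind_param('s', $details);
    $stmt->execute();
    return (int) $stmt->insert_id;
}

// The advisory notes the endpoint is reachable without authentication:
// refuse the request unless an admin session exists.
session_start();
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $details = $_POST['fdetails'] ?? '';
    // Reject arrays, empty values and oversized input (limit is an assumption).
    if (!is_string($details) || $details === '' || strlen($details) > 2000) {
        http_response_code(400);
        exit('Invalid event details');
    }

    $db = new mysqli('localhost', 'app_user', 'app_password', 'hotel_db');
    $db->set_charset('utf8mb4');
    $id = add_event($db, $details);
    echo 'Event ', $id, ' saved';
}
```

With this handler the payload quoted in the description is inserted as literal text in the `details` column and no delay is triggered.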
