Отправить #832902: code-projects Hotel And Tourism Reservation System 1.0 SQL InjectionИнформация

Названиеcode-projects Hotel And Tourism Reservation System 1.0 SQL Injection
ОписаниеMultiple SQL injection vulnerabilities were discovered in details.php of the Hotel And Tourism Reservation System. The $_GET['room'] parameter is directly concatenated into SELECT and UPDATE queries without sanitization, and multiple $_POST parameters (fullname, in_date, out_date, phone, people, email) are concatenated into an INSERT query. These flaws allow any unauthenticated remote attacker to extract sensitive database information, modify reservation records, and potentially compromise the entire application backend.
Источник⚠️ https://github.com/khanfyhhfgfe-cmyk/ht-sql/blob/main/ht_sql.md
Пользователь
 12139xxl (UID 98367)
Представление19.05.2026 08:08 (23 дни назад)
Модерация05.06.2026 10:20 (17 days later)
Статуспринято
Запись VulDB368883 [code-projects Hotel and Tourism Reservation System 1.0 /details.php room SQL-инъекция]
Баллы20

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!