| Title | Campcodes Online Hotel Reservation System V1.0 SQL Injection |
|---|
| Description | Vulnerability Type
- SQL injection
Root Cause
Online hotel reservation system project There is an SQL injection vulnerability in the /admin/index.php backend login box. The website can directly use the or 1=1 "universal password" for breakthrough login, which can be directly applied to SQL queries without the need for appropriate cleaning and verification. This enables attackers to forge input values, thereby conducting vertical SQL queries and performing unauthorized operations.
Impact
Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.
DESCRIPTION
Online hotel reservation system project An SQL injection vulnerability was found in the /admin/index.php backend login box. The website can directly use the or 1=1 "universal password" for breakthrough login, which can be directly applied to SQL queries without the need for appropriate cleaning and verification. The reason is that in the ' /admin/login.php ' file, the login request data is received in the code and then enters the database for query. SQL statements directly linked to the connection without filtering have few restrictions. Without filtering, there are security risks.
|
|---|
| Source | ⚠️ https://github.com/XiaoJiesecqwq/sql/issues/1 |
|---|
| User | Anonymous User |
|---|
| Submission | 07/29/2025 14:55 (11 months ago) |
|---|
| Moderation | 07/30/2025 19:54 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 318356 [Campcodes Online Hotel Reservation System 1.0 Login /admin/index.php username/password sql injection] |
|---|
| Points | 20 |
|---|