| Title | Campcodes Online Hotel Reservation System V1.0 SQL Injection |
|---|
| Description | Root Cause
In Online Hotel Reservation System "/add_reserve.php" found a SQL injection vulnerabilities. Websites can directly use blind injection for SQL queries. Attackers can observe the application's response or other visible behaviors to determine whether the injection is successful and further probe and exploit the data in the database.
Impact
Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.
DESCRIPTION
In Online Hotel Reservation System"/add_reserve.php" has discovered an SQL injection vulnerability. Websites can directly apply blind injection to SQL queries. Attackers obtain information about the database content by injecting conditional statements and taking advantage of Boolean condition-based judgments in the application. Attackers can try different conditions and verify their correctness based on the application's response. When constructing SQL query statements, the program directly uses the ID input by the user without performing any verification or filtering on it. Therefore, arbitrary SQL queries can be executed by entering malicious ids.
|
|---|
| Source | ⚠️ https://github.com/XiaoJiesecqwq/sql/issues/4 |
|---|
| User | Anonymous User |
|---|
| Submission | 07/29/2025 16:15 (11 months ago) |
|---|
| Moderation | 07/30/2025 19:54 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 318359 [Campcodes Online Hotel Reservation System 1.0 /add_reserve.php room_id sql injection] |
|---|
| Points | 20 |
|---|