Submit #691466: travel-agency web 1 SQL Injection vulnerabilityinfo

Title	travel-agency web 1 SQL Injection vulnerability
Description	Travel Agency v.1.0 is vulnerable to an SQL Injection vulnerability. The user-controllable variable $search_query (retrieved from the $_GET['user_query'] parameter) is directly concatenated into the SQL query statement without any filtering or preprocessing. Attackers can construct a malicious user_query parameter to tamper with the SQL query logic and perform unauthorized database operations.
Source	⚠️ https://github.com/www223-ai/CVE/blob/main/travel-sql2.docx
User	www234 (UID 92385)
Submission	11/08/2025 05:09 (5 months ago)
Moderation	11/22/2025 15:56 (14 days later)
Status	Accepted
VulDB entry	333313 [ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Search /results.php user_query sql injection]
Points	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!