Submit #768181: code-projects simple flight booking system published February 14, 2026 SQL Injectioninfo

Titlecode-projects simple flight booking system published February 14, 2026 SQL Injection
DescriptionSummary The vulnerability exists in multiple components of the Simple Flight Ticket Booking System due to improper input validation and unsafe SQL query construction. Several endpoints directly concatenate user-controlled input into SQL statements, leading to classic SQL Injection (SQLi) vulnerabilities. Root Cause The application fails to sanitize or parameterize user-controlled input passed into mysqli_query() calls across multiple files such as login.php, register.php, Adminadd.php, Adminupdate.php, Admindelete.php, Adminsearch.php, cartdelete.php, and pay.php. For example, in login.php: $username = $_POST['username']; $res = mysqli_query($conn, "SELECT * FROM passanger WHERE username='$username'"); User input is directly embedded into the SQL string without prepared statements or escaping, allowing attackers to manipulate the query structure. Reproduction Access the login page of the application. Send the following POST request to login.php: POST /flight booking/login.php Content-Type: application/x-www-form-urlencoded username=' UNION SELECT 'attacker','a','pwn','a','a','a','a','a','2020-01-01' -- -&pwd=pwn If successful, the application redirects to homepage.html, demonstrating authentication bypass via SQL Injection. Alternatively, a time-based proof can be triggered using: GET /flight booking/Adminsearch.php?flightno=' OR SLEEP(3) -- - If the response is delayed by approximately 3 seconds, the SQL Injection vulnerability is confirmed. Impact This vulnerability allows remote attackers to: Bypass authentication mechanisms. Extract sensitive database information. Insert, modify, or delete flight and booking records. Manipulate payment status records. Potentially escalate privileges via administrative endpoints. Overall, the SQL Injection flaws compromise the confidentiality, integrity, and availability of the entire booking system database.
Source⚠️ https://github.com/shenxianyuguitian/simple-flight-booking-SQL/tree/main
User
 xuanyuesanshi (UID 88126)
Submission02/26/2026 11:28 (5 months ago)
Moderation03/07/2026 21:43 (9 days later)
StatusDuplicate
VulDB entry349654 [code-projects Simple Flight Ticket Booking System 1.0 /login.php Username sql injection]
Points0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!