| Title | itsourcecode Free Hotel Reservation System V1.0 SQL Injection |
|---|---|
| Description | During the security review of the "Free Hotel Reservation System", a critical SQL injection vulnerability was discovered in the file `/admin/mod_amenities/index.php?view=editpic&id=1`. This vulnerability is due to insufficient validation of the user-supplied `id` parameter, which allows an attacker to inject malicious SQL queries. As a result, the attacker can gain unauthorized access to the database, modify or delete data, and retrieve sensitive information. Immediate remedial action is required to ensure system security and data integrity. |
| Source | https://github.com/bybinyu/Vulnerability-Practice/issues/5 |
| User | binyu (UID 96262) |
| Submission | 03/11/2026 06:28 (1 month ago) |
| Moderation | 03/26/2026 07:09 (15 days later) |
| Status | Accepted |
| VulDB entry | 353559 [itsourcecode Free Hotel Reservation System 1.0 index.php?view=editpic ID sql injection] |
| Points | 20 |