| Title | SourceCodester Resort Reservation System (PHP + SQLite3) 1.0 SQL Injection |
|---|---|
| Description | The manage_user.php component of the application is vulnerable to SQL Injection due to improper handling of user-supplied input in the id parameter. The application directly concatenates the parameter into an SQL query without sanitization or parameter binding. This allows authenticated attackers to manipulate queries and retrieve arbitrary data from the backend database. |
| Source | https://medium.com/@cybertamarin/sql-injection-in-php-reservation-system-breaking-access-control-via-a-single-parameter-46dcd6a8a8e9 |
| User | Antony Esthak Twinson (UID 96471) |
| Submission | 03/27/2026 15:49 (14 days ago) |
| Moderation | 04/08/2026 21:14 (12 days later) |
| Status | Duplicate |
| VulDB entry | 236235 [SourceCodester Resort Reservation System 1.0 manage_user.php ID sql injection] |
| Points | 0 |