Submit #849219: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Title: code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection

Description: A vulnerability was found in Hotel and Tourism Reservation In PHP 1.0 on code-projects.org. The affected file is /ht/details.php of the component Room Details Page. The manipulation of the GET parameter 'room' with a crafted payload leads to SQL Injection (Boolean-based Blind and Time-based Blind).

Payload used: room=-1' OR 3*2*1=6 AND 000867=000867 -- -

The application directly concatenates user input into backend SQL queries without sanitization or parameterized queries. The attack can be initiated remotely without user interaction. A proof-of-concept has been disclosed publicly.

CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score: 6.5 (Medium)

Vendor was contacted on 2026-06-04 via email. No response received.

Advisory: https://medium.com/@avdzav10/sql-injection-in-hotel-and-tourism-reservation-system-php-ececa8981afe
Product: https://code-projects.org/hotel-and-tourism-reservation-in-php-with-source-code/

Source: https://medium.com/@avdzav10/sql-injection-in-hotel-and-tourism-reservation-system-php-ececa8981afe
User: anubhav106 (UID 98769)
Submission: 06/05/2026 07:48 (29 days ago)
Moderation: 07/04/2026 14:54 (29 days later)
Status: Duplicate
VulDB entry: 368883 [code-projects Hotel and Tourism Reservation System 1.0 /details.php room sql injection]
Points: 0
