CVE Details
Basic Information
| Title | code-projects Online Hotel Reservation System demo.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-22T04:00:06.384Z |
| Last Seen |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Online Hotel Reservation System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability was discovered in the code-projects Online Hotel Reservation System version 1.0. This vulnerability allows remote attackers to inject malicious SQL code via the Start argument in demo.php, potentially leading to data tampering or unauthorized access. The CVSS score of 6.9 indicates a medium severity level, but the vulnerability’s critical classification suggests a higher risk. |
|---|---|
| AI Severity | Medium |
| Vendor | code-projects |
| Product | Online Hotel Reservation System |
| Affected Version | 1.0 |
Affected Products
- code-projects Online Hotel Reservation System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as critical, was found in code-projects Online Hotel Reservation System 1.0. This affects an unknown part of the file /reservation/demo.php. The manipulation of the argument Start leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.