Online Hotel Reservation System
Monthly
A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CVE-2025-6458 is a critical SQL injection vulnerability in code-projects Online Hotel Reservation System version 1.0, affecting the /admin/execedituser.php endpoint. An unauthenticated remote attacker can manipulate the 'userid' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild.
CVE-2025-6457 is a critical SQL injection vulnerability in code-projects Online Hotel Reservation System 1.0 affecting the /reservation/demo.php file, where the 'Start' parameter is unsanitized and directly used in database queries. An unauthenticated remote attacker can exploit this vulnerability to read, modify, or delete sensitive database content including guest information, reservations, and payment data. The vulnerability has been publicly disclosed with exploit code available, though specific EPSS probability and KEV/CISA inclusion status cannot be determined from provided data.
CVE-2025-6456 is a critical SQL injection vulnerability in code-projects Online Hotel Reservation System 1.0, specifically in the /reservation/order.php file's 'Start' parameter. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the hotel reservation database. Public exploit code is available, and the vulnerability is actively exploitable.
CVE-2025-6455 is a SQL injection vulnerability in code-projects Online Hotel Reservation System version 1.0, specifically in the /messageexec.php file where the 'Name' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, indicating active exploitation risk.
CVE-2025-6355 is a critical SQL injection vulnerability in SourceCodester Online Hotel Reservation System version 1.0, specifically in the /admin/execeditroom.php file where the 'userid' parameter is improperly sanitized. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or denial of service. Public disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.
A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CVE-2025-6458 is a critical SQL injection vulnerability in code-projects Online Hotel Reservation System version 1.0, affecting the /admin/execedituser.php endpoint. An unauthenticated remote attacker can manipulate the 'userid' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, making it actively exploitable in the wild.
CVE-2025-6457 is a critical SQL injection vulnerability in code-projects Online Hotel Reservation System 1.0 affecting the /reservation/demo.php file, where the 'Start' parameter is unsanitized and directly used in database queries. An unauthenticated remote attacker can exploit this vulnerability to read, modify, or delete sensitive database content including guest information, reservations, and payment data. The vulnerability has been publicly disclosed with exploit code available, though specific EPSS probability and KEV/CISA inclusion status cannot be determined from provided data.
CVE-2025-6456 is a critical SQL injection vulnerability in code-projects Online Hotel Reservation System 1.0, specifically in the /reservation/order.php file's 'Start' parameter. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the hotel reservation database. Public exploit code is available, and the vulnerability is actively exploitable.
CVE-2025-6455 is a SQL injection vulnerability in code-projects Online Hotel Reservation System version 1.0, specifically in the /messageexec.php file where the 'Name' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, indicating active exploitation risk.
CVE-2025-6355 is a critical SQL injection vulnerability in SourceCodester Online Hotel Reservation System version 1.0, specifically in the /admin/execeditroom.php file where the 'userid' parameter is improperly sanitized. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or denial of service. Public disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.