Online Hotel Reservation System
Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload files via manipulation of the image parameter in /admin/addslideexec.php, leading to potential remote code execution. The CVSS score of 2.1 reflects low confidentiality, integrity, and availability impact due to authentication requirements (PR:L), but publicly available exploit code exists and the low EPSS score (0.05%, 14th percentile) indicates exploitation is unlikely to be widespread in practice.
Code-Projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via manipulation of the image parameter in /admin/addgalleryexec.php, bypassing file upload restrictions. The vulnerability requires valid admin credentials (PR:L in CVSS vector) and results in limited confidentiality, integrity, and availability impact. Public exploit code is available, though the low EPSS score (0.04%) and limited scope suggest this is not actively exploited at scale.
Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/addexec.php, potentially leading to remote code execution. The vulnerability has a low CVSS score (2.1) due to requirement for low-privilege authentication and limited impact scope, but publicly available exploit code exists and the issue affects confidentiality, integrity, and availability at the application layer.
Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /admin/editpicexec.php, potentially leading to remote code execution. The vulnerability affects a low-impact scope but is publicly exploitable by authenticated users; EPSS scores this at 0.04% exploitation probability despite public POC availability, indicating limited real-world adoption of the vulnerable software.
SQL injection in Campcodes Online Hotel Reservation System 1.0 allows authenticated remote attackers to manipulate the room_id parameter in /admin/edit_room.php, enabling data exfiltration and modification with low impact. The vulnerability requires valid login credentials (PR:L) and carries a CVSS 2.1 score reflecting limited scope; however, the public exploit disclosure and EPSS percentile 20 suggest limited real-world exploitation interest despite active availability of proof-of-concept code.
SQL injection in Campcodes Online Hotel Reservation System 1.0 via the room_id parameter in /add_reserve.php allows authenticated remote attackers to execute arbitrary SQL queries, but CVSS 2.1 and EPSS 0.07% (20th percentile) indicate minimal real-world risk despite public exploit availability. The vulnerability requires valid user authentication and produces only low confidentiality, integrity, and availability impact, which is inconsistent with the 'critical' classification in the initial report.
Cross-site scripting (XSS) in Campcodes Online Hotel Reservation System 1.0 allows authenticated users to inject malicious scripts via the Name parameter in /admin/add_query_account.php, affecting the integrity of admin-level functionality. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), limiting direct remote exploitation to attackers with valid credentials; however, publicly available exploit code exists, and the CVSS 2.0 score with VI:L (integrity impact) reflects limited but confirmed damage potential in a stored XSS context.
Unrestricted file upload in Campcodes Online Hotel Reservation System 1.0 allows high-privileged authenticated administrators to upload arbitrary files via the photo parameter in /admin/edit_room.php, potentially leading to remote code execution. The vulnerability requires administrative credentials to exploit and has publicly available proof-of-concept code, but carries low real-world risk due to the high privilege requirement (PR:H) and limited confidentiality/integrity impact in the CVSS v4.0 vector.
A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.