Resort Reservation System

3 CVEs product

Monthly

CVE-2026-3806 MEDIUM POC This Month

SourceCodester Resort Reservation System 1.0 contains SQL injection in the /room_rates.php endpoint via the q parameter, allowing authenticated remote attackers to execute arbitrary database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be performed over the network with minimal complexity.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%
CVE-2026-3800 MEDIUM POC This Month

Unrestricted file upload in SourceCodester Resort Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /controller.php?action=add, potentially leading to remote code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The issue affects PHP-based installations of the affected resort reservation software.

PHP Resort Reservation System
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%
CVE-2026-3771 MEDIUM POC This Month

SQL injection in SourceCodester Resort Reservation System 1.0 via the q parameter in /accommodation.php allows remote authenticated attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could extract or modify sensitive reservation and user data.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1: 6.3
EPSS: 0.0%