Simple Online Hotel Reservation System
Monthly
A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CVE-2025-6578 is a critical SQL injection vulnerability in Simple Online Hotel Reservation System version 1.0 affecting the /admin/delete_account.php file through unsanitized admin_id parameter manipulation. An unauthenticated remote attacker can execute arbitrary SQL queries to read, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, presenting immediate exploitation risk for deployed instances.
CVE-2025-6451 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System version 1.0, affecting the /admin/delete_pending.php file where the transaction_id parameter is unsanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, modification, or deletion of the hotel reservation database. Public exploit disclosure and active threat indicators suggest this vulnerability warrants immediate patching.
CVE-2025-6450 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System version 1.0, affecting the /admin/confirm_reserve.php endpoint where the transaction_id parameter is inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of the hotel reservation database. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
CVE-2025-6449 is a critical SQL injection vulnerability in Simple Online Hotel Reservation System v1.0 affecting the /admin/checkout_query.php endpoint. An unauthenticated remote attacker can manipulate the 'transaction_id' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system disruption. The vulnerability has been publicly disclosed with exploits available, and the CVSS 7.3 score reflects high impact across confidentiality, integrity, and availability despite moderate attack complexity.
CVE-2025-6448 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System 1.0 affecting the /admin/delete_room.php endpoint. An unauthenticated remote attacker can manipulate the room_id parameter to execute arbitrary SQL queries, potentially resulting in unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with working exploits available, making active exploitation likely.
CVE-2025-6447 is a critical SQL injection vulnerability in the Simple Online Hotel Reservation System version 1.0, specifically in the /admin/index.php file's Username parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system disruption. The exploit has been publicly disclosed with proof-of-concept code available, significantly increasing the risk of active exploitation.
A critical SQL injection vulnerability exists in code-projects Simple Online Hotel Reservation System version 1.0, specifically in the /admin/add_account.php file where the 'name' or 'admin_id' parameters are not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of the hotel reservation database. Public exploit code is available and the vulnerability is actively being disclosed, increasing exploitation risk in the wild.
A critical SQL injection vulnerability exists in code-projects Simple Online Hotel Reservation System version 1.0, specifically in the /admin/add_room.php file where the 'room_type' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of hotel reservation system data. A proof-of-concept exploit has been publicly disclosed, increasing real-world exploitation risk.
CVE-2025-6419 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System 1.0 affecting the /admin/edit_room.php endpoint, where the 'room_type' parameter is improperly sanitized, allowing unauthenticated remote attackers to execute arbitrary SQL commands. The vulnerability has a CVSS score of 7.3 with public proof-of-concept code available, indicating active exploitation risk and widespread discoverability.
CVE-2025-6418 is a critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 affecting the /admin/edit_query_account.php endpoint, where the 'Name' parameter is improperly sanitized, allowing remote attackers to execute arbitrary SQL queries without authentication. The vulnerability has been publicly disclosed with exploit code availability, making it a high-priority threat for organizations running this system in production; attackers can manipulate database queries to extract sensitive data, modify records, or potentially escalate privileges.
A SQL injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CVE-2025-6578 is a critical SQL injection vulnerability in Simple Online Hotel Reservation System version 1.0 affecting the /admin/delete_account.php file through unsanitized admin_id parameter manipulation. An unauthenticated remote attacker can execute arbitrary SQL queries to read, modify, or delete database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, presenting immediate exploitation risk for deployed instances.
CVE-2025-6451 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System version 1.0, affecting the /admin/delete_pending.php file where the transaction_id parameter is unsanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data exfiltration, modification, or deletion of the hotel reservation database. Public exploit disclosure and active threat indicators suggest this vulnerability warrants immediate patching.
CVE-2025-6450 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System version 1.0, affecting the /admin/confirm_reserve.php endpoint where the transaction_id parameter is inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of the hotel reservation database. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
CVE-2025-6449 is a critical SQL injection vulnerability in Simple Online Hotel Reservation System v1.0 affecting the /admin/checkout_query.php endpoint. An unauthenticated remote attacker can manipulate the 'transaction_id' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system disruption. The vulnerability has been publicly disclosed with exploits available, and the CVSS 7.3 score reflects high impact across confidentiality, integrity, and availability despite moderate attack complexity.
CVE-2025-6448 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System 1.0 affecting the /admin/delete_room.php endpoint. An unauthenticated remote attacker can manipulate the room_id parameter to execute arbitrary SQL queries, potentially resulting in unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with working exploits available, making active exploitation likely.
CVE-2025-6447 is a critical SQL injection vulnerability in the Simple Online Hotel Reservation System version 1.0, specifically in the /admin/index.php file's Username parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system disruption. The exploit has been publicly disclosed with proof-of-concept code available, significantly increasing the risk of active exploitation.
A critical SQL injection vulnerability exists in code-projects Simple Online Hotel Reservation System version 1.0, specifically in the /admin/add_account.php file where the 'name' or 'admin_id' parameters are not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of the hotel reservation database. Public exploit code is available and the vulnerability is actively being disclosed, increasing exploitation risk in the wild.
A critical SQL injection vulnerability exists in code-projects Simple Online Hotel Reservation System version 1.0, specifically in the /admin/add_room.php file where the 'room_type' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion of hotel reservation system data. A proof-of-concept exploit has been publicly disclosed, increasing real-world exploitation risk.
CVE-2025-6419 is a critical SQL injection vulnerability in code-projects Simple Online Hotel Reservation System 1.0 affecting the /admin/edit_room.php endpoint, where the 'room_type' parameter is improperly sanitized, allowing unauthenticated remote attackers to execute arbitrary SQL commands. The vulnerability has a CVSS score of 7.3 with public proof-of-concept code available, indicating active exploitation risk and widespread discoverability.
CVE-2025-6418 is a critical SQL injection vulnerability in Simple Online Hotel Reservation System 1.0 affecting the /admin/edit_query_account.php endpoint, where the 'Name' parameter is improperly sanitized, allowing remote attackers to execute arbitrary SQL queries without authentication. The vulnerability has been publicly disclosed with exploit code availability, making it a high-priority threat for organizations running this system in production; attackers can manipulate database queries to extract sensitive data, modify records, or potentially escalate privileges.
A SQL injection vulnerability in A vulnerability (CVSS 7.3). Risk factors: public PoC available.
A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.