29 matches found
CVE-2025-11400
SourceCodester Hotel and Lodge Management System 1.0 contains a SQL injection vulnerability in the /del_room.php endpoint triggered by manipulating the ID parameter. The CVE-2025-11400 entries indicate remote exploitation with publicly available exploits. The issue is documented with multiple ven...
CVE-2025-11108
A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...
CVE-2025-11108
A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to sql injection. The attack may be performed from remote. The exploit has been publicly...
Code-Projects Simple Scheduling System SQL注入漏洞
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the failure of the /schedulingsystem/addroom.php file to effectively filter the room parameter. No details of the vulnerability are available at this time...
CVE-2024-11963
A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. Affected by this issue is some unknown functionality of the file /admin/room.php. The manipulation of the argument troom leads to sql injection. The attack may be launched remotely. The...
PT-2023-28830 · Unknown · Resort Reservation System
Name of the Vulnerable Software and Affected Versions: Resort Reservation System version 1.0 Description: A Cross Site Scripting XSS issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage room function...
CVE-2022-1007
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-1007
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2007-5982
Multiple cross-site scripting XSS vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the 1 room parameter to sources/frame.php, the 2 themec parameter to help/index.php, or the 3 INSTALLX7CHATVERSION parameter to...