CVE-2025-13208

A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in sql injection. The attack can be...

CVE-2025-13208

CVE-2025-13208 affects FantasticLBP Hotels Server, with an SQL injection in controller/api/hotelList.php where manipulating the subjectId/cityName parameter can expose or modify data. The vulnerability is exploitable remotely and public exploits exist. Affected versions are stated as prior to 67b...

CVE-2025-13208 FantasticLBP Hotels Server hotelList.php sql injection

A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in sql injection. The attack can be...

PT-2025-47060

Name of the Vulnerable Software and Affected Versions FantasticLBP Hotels Server versions prior to 67b44df162fab26df209bd5d5d542875fcbec1d0 Description A security flaw exists in FantasticLBP Hotels Server. The issue involves a SQL injection that can be triggered by manipulating the...

Code-Projects Real Estate Property Management System 注入漏洞

Code-Projects Real Estate Property Management System is an open source real estate property management system from Code-Projects. An injection vulnerability exists in Code-Projects Real Estate Property Management System version 1.0, which stems from an incorrect manipulation of the parameter...

PT-2025-6910 · Unknown · Code-Projects Real Estate Property Management System

Name of the Vulnerable Software and Affected Versions: code-projects Real Estate Property Management System version 1.0 Description: A critical issue was found in the code-projects Real Estate Property Management System. This issue affects an unknown part of the file /ajax city.php. The...

BookingeCMS HotelCMS酒店预订管理系统cityName参数存在注入

0x01 漏洞简述 提交时间： 2015-09-04 13:33 公开时间： 2015-12-06 09:00 漏洞类型： SQL注射漏洞 珠海中新信息科技有限公司开发的BookingeCMS HotelCMS /?m=hotel.setSearchSession 文件cityName参数存在注入 0x02 漏洞利用 测试Payload: （post提交） /?m=hotel.setSearchSession cityName=&type=getCityId&cityName=%E7%A6%8F%E5%B7%9E%' AND SELECT 4965 FROMSELECT...

Easytalk V2.5 注入漏洞之2

简要描述： 过滤不严。 详细说明： 在apiaction中。 public function userpreview $username=trimrawurldecode$this-post'username'; if $username parent::init; $user = M'Users'-where"username='$username'"-find; if $user if $user'cityid' //用户所在地 $dtModel=M'District'; $pdata = $dtModel-where"id='$usercityid'"-find; $pdata2 ...