Lucene search
K

14 matches found

NVD
NVD
added 2026/06/19 6:16 p.m.10 views

CVE-2019-25750

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:8 p.m.6 views

EUVD-2019-20186

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50986

Name of the Vulnerable Software and Affected Versions Joomla Component J-MultipleHotelReservation version 6.0.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending POST requests to the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References8
OSV
OSV
added 2025/12/28 8:15 a.m.7 views

CVE-2025-15127

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

9.8CVSS5.7AI score0.00407EPSS
Exploits1References4
NVD
NVD
added 2025/12/28 8:15 a.m.15 views

CVE-2025-15127

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

9.8CVSS0.00407EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/28 8:2 a.m.4 views

CVE-2025-15127 FantasticLBP Hotels_Server Room.php sql injection

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

7.5CVSS6.5AI score0.00407EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/28 8:2 a.m.31 views

CVE-2025-15127 FantasticLBP Hotels_Server Room.php sql injection

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

7.5CVSS0.00407EPSS
Exploits1References4
CVE
CVE
added 2025/12/28 8:2 a.m.11 views

CVE-2025-15127

CVE-2025-15127 affects FantasticLBP Hotels_Server, with the vulnerability located in /controller/api/Room.php. Manipulating the hotelId parameter can lead to a SQL injection. The issue is reported to be exploitable remotely, and public exploit details exist. Affected versions are not specified in...

9.8CVSS6.5AI score0.00407EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/01/04 3:15 p.m.6 views

CVE-2023-50864

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.00672EPSS
Exploits1References2
OSV
OSV
added 2024/01/04 3:15 p.m.2 views

CVE-2023-50863

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS5.8AI score0.00672EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/04 12:0 a.m.4 views

Travel Website SQL Injection Vulnerability

Travel Website is a PHP-based travel website. A SQL injection vulnerability exists in Travel Website v1.0, which occurs when the hotelIDHidden parameter on the booking.php page is processed without filtering and then sent to the database for processing...

9.8CVSS7.9AI score0.00672EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/04 12:0 a.m.4 views

PT-2024-13979 · Unknown · Travel Website

Name of the Vulnerable Software and Affected Versions: Travel Website version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the hotelIDHidden parameter of the "booking.php" resource does not validate the characters received, and they are...

9.8CVSS9.9AI score0.00672EPSS
Exploits1References6
exploitpack
exploitpack
added 2009/09/10 12:0 a.m.13 views

Accommodation Hotel Booking Portal - hotel_id SQL Injection

Accommodation Hotel Booking Portal - hotelid SQL Injection Viva IslaM Viva IslaM Remote SQL Injection Vulnerability hotel.php hotelid Accommodation Hotel Booking Portal http://www.tourismscripts.com AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2009/09/10 12:0 a.m.46 views

Accommodation Hotel Booking Portal - 'hotel_id' SQL Injection

Viva IslaM Viva IslaM Remote SQL Injection Vulnerability hotel.php hotelid Accommodation Hotel Booking Portal http://www.tourismscripts.com AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...

7AI score
Exploits0
Rows per page
Query Builder