11 matches found
EUVD-2026-41780
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editroom.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may...
CVE-2026-14754
The CVE covers code-projects Hotel and Tourism Reservation 1.0, where the /admin/add_room.php function is vulnerable. Manipulating the arguments delete_image, edit/description, number, price, rooms, or type can trigger an SQL injection. The attack can be launched remotely, and a public exploit ha...
CVE-2026-36941
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manageroom.php...
CVE-2025-15127
CVE-2025-15127 affects FantasticLBP Hotels_Server, with the vulnerability located in /controller/api/Room.php. Manipulating the hotelId parameter can lead to a SQL injection. The issue is reported to be exploitable remotely, and public exploit details exist. Affected versions are not specified in...
CVE-2025-63949
A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...
CVE-2025-63949
A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...
CVE-2025-63949
A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...
CVE-2025-12593
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/editroom.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely...
CVE-2025-11472 SourceCodester Hotel and Lodge Management System edit_room.php sql injection
A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /editroom.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
Chat System update_room.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from insufficient input validation of the id/name/password parameters in the /admin/updateroom.php file. An attacker can use this vulnerability to execute arbitrary SQL commands to obtain sensitiv...
CVE-2023-1561
A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file addroom.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the...