18 matches found
CVE-2023-1561
The CVE-2023-1561 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. Affected is an unknown function in add_room.php where manipulation leads to unrestricted file uploads. The vulnerability enables remote exploitation, per the provided description, with no explicit remediat...
CVE-2024-0504
CVE-2024-0504 affects code-projects Simple Online Hotel Reservation System 1.0, specifically the add_reserve.php file of the Make a Reservation Page. The vulnerability is a cross-site scripting issue caused by unsafely handling Firstname/Lastname input (example payload: ). The attack is remote an...
CVE-2025-6448
CVE-2025-6448 applies to code-projects Simple Online Hotel Reservation System 1.0. The vulnerability is in the file /admin/delete_room.php where the argument/parameter room_id is unsafely handled, leading to a SQL injection. It is described as exploitable remotely, with exploit information public...
CVE-2025-6420
CVE-2025-6420 affects code-projects Simple Online Hotel Reservation System 1.0, with SQL injection in /admin/add_room.php via the room_type parameter. Exploitation can be remote; exploits have been disclosed publicly. Several connected sources confirm the issue across NVD, CNVD, CIRCL, and vendor...
CVE-2025-6394
The CVE-2025-6394 entry concerns code-projects Simple Online Hotel Reservation System 1.0, where the file /add_reserve.php exposes a SQL injection via the firstname parameter. This vulnerability is exploitable remotely and has been disclosed publicly. Multiple connected documents (CNVD/CNNVD/Red ...
CVE-2025-6447
CVE-2025-6447 affects the code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function in the file /admin/index.php, where manipulating the Username parameter leads to an SQL injection. The vulnerability is described as exploitable remotely with a publicly disclosed e...
CVE-2025-6450
CVE-2025-6450 affects code-projects’ Simple Online Hotel Reservation System 1.0, with a vulnerability in the file /admin/confirm_reserve.php. The issue is a SQL injection triggered by manipulating the transaction_id parameter, allowing remote abuse. Exploit details are publicly disclosed accordin...
CVE-2025-6578
The CVE-2025-6578 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. A vulnerability exists in the /admin/delete_account.php file where manipulating the admin_id parameter triggers a SQL injection. The issue is exploitable remotely and has been disclosed publicly. Affected ...
CVE-2025-6451
The CVE-2025-6451 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. Multiple connected sources confirm a SQL injection in the file /admin/delete_pending.php via the transaction_id parameter, allowing remote exploitation. The issue stems from lack of validation/sanitization...
CVE-2025-6418
CVE-2025-6418 affects Simple Online Hotel Reservation System 1.0. The vulnerability is a SQL injection in the /admin/edit_query_account.php endpoint via the Name parameter, caused by lack of input validation. The issue appears exploitable remotely, and public disclosure exists. Multiple sources c...
CVE-2025-6421
CVE-2025-6421 affects code-projects Simple Online Hotel Reservation System 1.0. It exposes a SQL injection in /admin/add_account.php via the name/admin_id parameter, allowing remote exploitation. Exploit details are publicly disclosed; multiple sources corroborate the issue. Some advisories (PT-2...
CVE-2025-6449
CVE-2025-6449 affects the code-projects Simple Online Hotel Reservation System 1.0. The vulnerability is a SQL injection in the file /admin/checkout_query.php triggered by manipulating the transaction_id parameter. Its impact, per sources, includes potential remote exploitation and access to sens...
CVE-2025-12593
CVE-2025-12593 affects code-projects Simple Online Hotel Reservation System 2.0. The Photo Handler component, via /admin/edit_room.php, lacks validation for uploaded files, enabling unrestricted file uploads. Exploitation is possible remotely and a public exploit exists. Connected sources do not ...
CVE-2025-6419
CVE-2025-6419 affects code-projects Simple Online Hotel Reservation System 1.0. The vulnerability is an SQL injection in /admin/edit_room.php via the room_type parameter, exploitable remotely and publicly disclosed. External sources (CNVD/CNNVD) describe the issue; some reports advise disabling/r...
CVE-2025-13169
CVE-2025-13169 affects the Simple Online Hotel Reservation System 1.0. The vulnerability is an SQL injection in the file /add_query_reserve.php caused by unsafely handling the room_id parameter, allowing remote exploitation. Public disclosures exist, and multiple sources (CNVD, RH, CNNVD, NVD, CV...
CVE-2025-12594
The CVE-2025-12594 entry concerns code-projects Simple Online Hotel Reservation System 2.0. A SQL injection vulnerability exists in the file /admin/add_account.php (parameter Name). Multiple connected sources confirm remote exploitation with the exploit publicly released, enabling an attacker to ...
CVE-2025-13170
CVE-2025-13170 concerns the Simple Online Hotel Reservation System 1.0. The vulnerability is an SQL injection in the admin/account editing flow, triggered by manipulating the parameter admin_id in /admin/edit_account.php. Multiple connected sources confirm remote exploitation possibilities and th...
CVE-2025-60308
The CVE-2025-60308 pertains to code-projects Simple Online Hotel Reservation System 1.0, with a Cross-Site Scripting (XSS) vulnerability in the Add Room function. Malicious input in the Description field can leak the administrator’s cookie when room details are viewed, indicating potential creden...