Lucene search
K
FabianSimple Online Hotel Reservation System

18 matches found

CVE
CVE
•added 2023/03/22 12:0 p.m.•104 views

CVE-2023-1561

The CVE-2023-1561 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. Affected is an unknown function in add_room.php where manipulation leads to unrestricted file uploads. The vulnerability enables remote exploitation, per the provided description, with no explicit remediat...

9.8CVSS8AI score0.00773EPSS
CVE
CVE
•added 2024/01/13 9:0 p.m.•52 views

CVE-2024-0504

CVE-2024-0504 affects code-projects Simple Online Hotel Reservation System 1.0, specifically the add_reserve.php file of the Make a Reservation Page. The vulnerability is a cross-site scripting issue caused by unsafely handling Firstname/Lastname input (example payload: ). The attack is remote an...

6.1CVSS6AI score0.00556EPSS
Web
CVE
CVE
•added 2025/06/22 12:0 a.m.•29 views

CVE-2025-6448

CVE-2025-6448 applies to code-projects Simple Online Hotel Reservation System 1.0. The vulnerability is in the file /admin/delete_room.php where the argument/parameter room_id is unsafely handled, leading to a SQL injection. It is described as exploitable remotely, with exploit information public...

9.8CVSS7.6AI score0.00394EPSS
Web
CVE
CVE
•added 2025/06/21 9:31 p.m.•25 views

CVE-2025-6420

CVE-2025-6420 affects code-projects Simple Online Hotel Reservation System 1.0, with SQL injection in /admin/add_room.php via the room_type parameter. Exploitation can be remote; exploits have been disclosed publicly. Several connected sources confirm the issue across NVD, CNVD, CIRCL, and vendor...

9.8CVSS7.8AI score0.00448EPSS
Web
CVE
CVE
•added 2025/06/21 1:31 a.m.•24 views

CVE-2025-6394

The CVE-2025-6394 entry concerns code-projects Simple Online Hotel Reservation System 1.0, where the file /add_reserve.php exposes a SQL injection via the firstname parameter. This vulnerability is exploitable remotely and has been disclosed publicly. Multiple connected documents (CNVD/CNNVD/Red ...

9.8CVSS7.5AI score0.00399EPSS
CVE
CVE
•added 2025/06/21 11:31 p.m.•24 views

CVE-2025-6447

CVE-2025-6447 affects the code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function in the file /admin/index.php, where manipulating the Username parameter leads to an SQL injection. The vulnerability is described as exploitable remotely with a publicly disclosed e...

9.8CVSS7.6AI score0.00394EPSS
Web
CVE
CVE
•added 2025/06/22 1:0 a.m.•24 views

CVE-2025-6450

CVE-2025-6450 affects code-projects’ Simple Online Hotel Reservation System 1.0, with a vulnerability in the file /admin/confirm_reserve.php. The issue is a SQL injection triggered by manipulating the transaction_id parameter, allowing remote abuse. Exploit details are publicly disclosed accordin...

9.8CVSS7.6AI score0.00394EPSS
Web
CVE
CVE
•added 2025/06/24 8:0 p.m.•24 views

CVE-2025-6578

The CVE-2025-6578 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. A vulnerability exists in the /admin/delete_account.php file where manipulating the admin_id parameter triggers a SQL injection. The issue is exploitable remotely and has been disclosed publicly. Affected ...

9.8CVSS7.8AI score0.00394EPSS
Web
CVE
CVE
•added 2025/06/22 1:31 a.m.•23 views

CVE-2025-6451

The CVE-2025-6451 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. Multiple connected sources confirm a SQL injection in the file /admin/delete_pending.php via the transaction_id parameter, allowing remote exploitation. The issue stems from lack of validation/sanitization...

9.8CVSS7.6AI score0.00394EPSS
Web
CVE
CVE
•added 2025/06/21 8:31 p.m.•22 views

CVE-2025-6418

CVE-2025-6418 affects Simple Online Hotel Reservation System 1.0. The vulnerability is a SQL injection in the /admin/edit_query_account.php endpoint via the Name parameter, caused by lack of input validation. The issue appears exploitable remotely, and public disclosure exists. Multiple sources c...

9.8CVSS7.6AI score0.00394EPSS
Web
CVE
CVE
•added 2025/06/21 10:0 p.m.•21 views

CVE-2025-6421

CVE-2025-6421 affects code-projects Simple Online Hotel Reservation System 1.0. It exposes a SQL injection in /admin/add_account.php via the name/admin_id parameter, allowing remote exploitation. Exploit details are publicly disclosed; multiple sources corroborate the issue. Some advisories (PT-2...

9.8CVSS7.6AI score0.00448EPSS
Web
CVE
CVE
•added 2025/06/22 12:31 a.m.•21 views

CVE-2025-6449

CVE-2025-6449 affects the code-projects Simple Online Hotel Reservation System 1.0. The vulnerability is a SQL injection in the file /admin/checkout_query.php triggered by manipulating the transaction_id parameter. Its impact, per sources, includes potential remote exploitation and access to sens...

9.8CVSS7.6AI score0.00394EPSS
Web
CVE
CVE
•added 2025/11/02 6:2 a.m.•20 views

CVE-2025-12593

CVE-2025-12593 affects code-projects Simple Online Hotel Reservation System 2.0. The Photo Handler component, via /admin/edit_room.php, lacks validation for uploaded files, enabling unrestricted file uploads. Exploitation is possible remotely and a public exploit exists. Connected sources do not ...

7.2CVSS5AI score0.00387EPSS
Web
CVE
CVE
•added 2025/06/21 9:0 p.m.•19 views

CVE-2025-6419

CVE-2025-6419 affects code-projects Simple Online Hotel Reservation System 1.0. The vulnerability is an SQL injection in /admin/edit_room.php via the room_type parameter, exploitable remotely and publicly disclosed. External sources (CNVD/CNNVD) describe the issue; some reports advise disabling/r...

9.8CVSS7.6AI score0.00448EPSS
Web
CVE
CVE
•added 2025/11/14 3:32 p.m.•18 views

CVE-2025-13169

CVE-2025-13169 affects the Simple Online Hotel Reservation System 1.0. The vulnerability is an SQL injection in the file /add_query_reserve.php caused by unsafely handling the room_id parameter, allowing remote exploitation. Public disclosures exist, and multiple sources (CNVD, RH, CNNVD, NVD, CV...

9.8CVSS7.3AI score0.00394EPSS
CVE
CVE
•added 2025/11/02 8:32 a.m.•16 views

CVE-2025-12594

The CVE-2025-12594 entry concerns code-projects Simple Online Hotel Reservation System 2.0. A SQL injection vulnerability exists in the file /admin/add_account.php (parameter Name). Multiple connected sources confirm remote exploitation with the exploit publicly released, enabling an attacker to ...

7.2CVSS4.9AI score0.00411EPSS
Web
CVE
CVE
•added 2025/11/14 4:2 p.m.•16 views

CVE-2025-13170

CVE-2025-13170 concerns the Simple Online Hotel Reservation System 1.0. The vulnerability is an SQL injection in the admin/account editing flow, triggered by manipulating the parameter admin_id in /admin/edit_account.php. Multiple connected sources confirm remote exploitation possibilities and th...

9.8CVSS7.2AI score0.00346EPSS
Web
CVE
CVE
•added 2025/10/10 12:0 a.m.•14 views

CVE-2025-60308

The CVE-2025-60308 pertains to code-projects Simple Online Hotel Reservation System 1.0, with a Cross-Site Scripting (XSS) vulnerability in the Add Room function. Malicious input in the Description field can leak the administrator’s cookie when room details are viewed, indicating potential creden...

4.1CVSS5.7AI score0.00229EPSS