Description
A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Problem types
Product status
Timeline
| 2026-07-04: | Advisory disclosed |
| 2026-07-04: | VulDB entry created |
| 2026-07-04: | VulDB entry last update |
Credits
anubhav106 (VulDB User)
References
vuldb.com/vuln/376351 (VDB-376351 | code-projects Hotel and Tourism Reservation Room Management rooms.php sql injection)
vuldb.com/vuln/376351/cti (VDB-376351 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14762 (CVE-2026-14762 | CVE Analysis and Report)
vuldb.com/submit/850580 (Submit #850580 | code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection)
raw.githubusercontent.com/...m-Reservation-rooms.php-SQLi.md
code-projects.org/