Description
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
Problem types
Product status
Timeline
| 2026-07-04: | Advisory disclosed |
| 2026-07-04: | VulDB entry created |
| 2026-07-04: | VulDB entry last update |
Credits
anubhav106 (VulDB User)
References
vuldb.com/vuln/376352 (VDB-376352 | code-projects Hotel and Tourism Reservation Tour Reservations tour_reserves.php sql injection)
vuldb.com/vuln/376352/cti (VDB-376352 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14763 (CVE-2026-14763 | CVE Analysis and Report)
vuldb.com/submit/850581 (Submit #850581 | code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection)
raw.githubusercontent.com/...ation-tour_reserves.php-SQLi.md
code-projects.org/