Product
CVE-2026-14764: SQL Injection in code-projects Hotel and Tourism Reservation
1 rule 3 TTPs 1 CVEAn unauthenticated attacker can remotely exploit CVE-2026-14764, an SQL injection vulnerability in code-projects Hotel and Tourism Reservation 1.0's `/admin/add_event.php` component via the `fdetails` argument, to manipulate database queries and compromise sensitive data, with public exploit disclosure increasing the risk of active exploitation.
CVE-2026-14763: SQL Injection in code-projects Hotel and Tourism Reservation
1 rule 2 TTPs 1 CVE 6 IOCsA SQL injection vulnerability, tracked as CVE-2026-14763, has been discovered in code-projects Hotel and Tourism Reservation version 1.0. The flaw affects an unknown function within the '/admin/tour_reserves.php' file, specifically in the 'Tour Reservations Page' component, due to improper handling of the 'tour' argument, allowing for remote SQL injection attacks, and a public exploit is available, increasing the risk of compromise.
CVE-2026-14762: Remote SQL Injection in code-projects Hotel and Tourism Reservation
1 rule 1 TTP 1 CVEA critical SQL injection vulnerability (CVE-2026-14762) exists in code-projects Hotel and Tourism Reservation version 1.0, located in the `/admin/rooms.php` file's Room Management Page, allowing remote attackers to manipulate the `delete` argument for data compromise, with a public exploit now available.
CVE-2026-14756: SQL Injection in code-projects Hotel and Tourism Reservation
1 rule 3 TTPs 1 CVE 6 IOCsA remote SQL injection vulnerability (CVE-2026-14756) exists in code-projects Hotel and Tourism Reservation version 1.0, allowing unauthenticated attackers to exploit improper input sanitization in the `delete_image` parameter of `/admin/add_tour.php` to bypass authentication, extract sensitive data, or manipulate database records, with a public exploit available.
CVE-2026-14755: Remote SQL Injection in code-projects Hotel and Tourism Reservation
1 rule 2 TTPs 1 CVE 2 IOCsA critical remote unauthenticated SQL injection vulnerability (CVE-2026-14755) in code-projects Hotel and Tourism Reservation version 1.0, specifically within the '/admin/reservations.php' file's 'delete' argument, allows attackers to manipulate backend database queries, leading to data exposure and manipulation with a publicly disclosed exploit.
CVE-2026-14754: SQL Injection in code-projects Hotel and Tourism Reservation
1 rule 1 TTP 1 CVEA critical SQL injection vulnerability (CVE-2026-14754) in code-projects Hotel and Tourism Reservation 1.0's `/admin/add_room.php` file allows a remote, unauthenticated attacker to manipulate arguments such as `delete_image`, `edit`, `description`, `number`, `price`, `rooms`, or `type` to execute arbitrary SQL commands, leading to sensitive data exposure and potential database compromise.