Skip to content
Threat Feed

Product

Hotel and Tourism Reservation 1.0

6 briefs RSS
high threat

CVE-2026-14764: SQL Injection in code-projects Hotel and Tourism Reservation

An unauthenticated attacker can remotely exploit CVE-2026-14764, an SQL injection vulnerability in code-projects Hotel and Tourism Reservation 1.0's `/admin/add_event.php` component via the `fdetails` argument, to manipulate database queries and compromise sensitive data, with public exploit disclosure increasing the risk of active exploitation.

exploited Hotel and Tourism Reservation 1.0 web-vulnerability sql-injection cve data-compromise webserver
1r 3t 1c
high threat

CVE-2026-14763: SQL Injection in code-projects Hotel and Tourism Reservation

A SQL injection vulnerability, tracked as CVE-2026-14763, has been discovered in code-projects Hotel and Tourism Reservation version 1.0. The flaw affects an unknown function within the '/admin/tour_reserves.php' file, specifically in the 'Tour Reservations Page' component, due to improper handling of the 'tour' argument, allowing for remote SQL injection attacks, and a public exploit is available, increasing the risk of compromise.

exploited Hotel and Tourism Reservation 1.0 sql-injection web-application cve data-exfiltration
1r 2t 1c 6i
high advisory

CVE-2026-14762: Remote SQL Injection in code-projects Hotel and Tourism Reservation

A critical SQL injection vulnerability (CVE-2026-14762) exists in code-projects Hotel and Tourism Reservation version 1.0, located in the `/admin/rooms.php` file's Room Management Page, allowing remote attackers to manipulate the `delete` argument for data compromise, with a public exploit now available.

Hotel and Tourism Reservation 1.0 sql-injection web-application cve php
1r 1t 1c
high threat

CVE-2026-14756: SQL Injection in code-projects Hotel and Tourism Reservation

A remote SQL injection vulnerability (CVE-2026-14756) exists in code-projects Hotel and Tourism Reservation version 1.0, allowing unauthenticated attackers to exploit improper input sanitization in the `delete_image` parameter of `/admin/add_tour.php` to bypass authentication, extract sensitive data, or manipulate database records, with a public exploit available.

exploited Hotel and Tourism Reservation 1.0 sql-injection web-application cve code-projects
1r 3t 1c 6i
high advisory

CVE-2026-14755: Remote SQL Injection in code-projects Hotel and Tourism Reservation

A critical remote unauthenticated SQL injection vulnerability (CVE-2026-14755) in code-projects Hotel and Tourism Reservation version 1.0, specifically within the '/admin/reservations.php' file's 'delete' argument, allows attackers to manipulate backend database queries, leading to data exposure and manipulation with a publicly disclosed exploit.

Hotel and Tourism Reservation 1.0 sql-injection web-vulnerability cve remote-code-execution data-exfiltration
1r 2t 1c 2i
high advisory

CVE-2026-14754: SQL Injection in code-projects Hotel and Tourism Reservation

A critical SQL injection vulnerability (CVE-2026-14754) in code-projects Hotel and Tourism Reservation 1.0's `/admin/add_room.php` file allows a remote, unauthenticated attacker to manipulate arguments such as `delete_image`, `edit`, `description`, `number`, `price`, `rooms`, or `type` to execute arbitrary SQL commands, leading to sensitive data exposure and potential database compromise.

Hotel and Tourism Reservation 1.0 sql-injection web-application cve code-projects remote-code-execution
1r 1t 1c