{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/data-compromise/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-14764"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Hotel and Tourism Reservation 1.0"],"_cs_severities":["high"],"_cs_tags":["web-vulnerability","sql-injection","cve","data-compromise","webserver"],"_cs_type":"threat","_cs_vendors":["code-projects"],"content_html":"\u003cp\u003eA critical SQL injection vulnerability, tracked as CVE-2026-14764, has been identified in code-projects Hotel and Tourism Reservation version 1.0. This flaw, discovered in the 'Event Management Page' component, specifically affects the \u003ccode\u003e/admin/add_event.php\u003c/code\u003e file where the \u003ccode\u003efdetails\u003c/code\u003e argument is susceptible to improper neutralization of special elements. Attackers can remotely manipulate this argument to inject malicious SQL queries, leading to data compromise. The vulnerability has been publicly disclosed, with exploit details available, significantly increasing the likelihood of active exploitation against unpatched systems running this software. Organizations utilizing code-projects Hotel and Tourism Reservation 1.0 are strongly advised to implement mitigations immediately to prevent unauthorized access and data breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies an internet-facing instance of code-projects Hotel and Tourism Reservation 1.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP POST or GET request targeting the \u003ccode\u003e/admin/add_event.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL payloads into the \u003ccode\u003efdetails\u003c/code\u003e argument, which is processed by the vulnerable application.\u003c/li\u003e\n\u003cli\u003eThe application processes the request without properly sanitizing the input, leading to the execution of the attacker's SQL queries.\u003c/li\u003e\n\u003cli\u003eThe malicious SQL query allows the attacker to read, modify, or delete database content, potentially extracting sensitive information or altering application behavior.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully compromises the underlying database, gaining unauthorized access to user credentials, booking details, or other critical data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14764 can lead to significant data compromise, including the exfiltration of sensitive customer information, booking data, and administrative credentials stored in the application's database. This can result in reputational damage, regulatory penalties, and further attacks against affected entities. Given that exploit details have been publicly disclosed, unpatched systems face an immediate and elevated risk of being targeted by malicious actors seeking to leverage this vulnerability for financial gain or disruptive purposes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching or upgrading code-projects Hotel and Tourism Reservation to a version that addresses CVE-2026-14764, once available from the vendor.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect exploitation attempts of CVE-2026-14764 against your web servers.\u003c/li\u003e\n\u003cli\u003eImplement a Web Application Firewall (WAF) in front of the vulnerable application to detect and block malicious HTTP requests containing SQL injection payloads, specifically targeting \u003ccode\u003ecs-uri-stem: \u0026quot;/admin/add_event.php\u0026quot;\u003c/code\u003e and the \u003ccode\u003efdetails\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eEnable detailed webserver access logging (e.g., Apache, Nginx, IIS) to capture \u003ccode\u003ecs-uri-stem\u003c/code\u003e, \u003ccode\u003ecs-uri-query\u003c/code\u003e, and HTTP method, essential for forensic analysis and detection.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-05T17:23:25Z","date_published":"2026-07-05T17:23:25Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14764-sql-injection/","summary":"An unauthenticated attacker can remotely exploit CVE-2026-14764, an SQL injection vulnerability in code-projects Hotel and Tourism Reservation 1.0's `/admin/add_event.php` component via the `fdetails` argument, to manipulate database queries and compromise sensitive data, with public exploit disclosure increasing the risk of active exploitation.","title":"CVE-2026-14764: SQL Injection in code-projects Hotel and Tourism Reservation","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14764-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Data-Compromise","version":"https://jsonfeed.org/version/1.1"}