SQL Injection Vulnerability in Hotel/admin/usersettingdel.php?
CVE-2024-25316

9.8CRITICAL

Key Information:

Vendor: Code-projects
Status: Hotel Management System
Vendor: CVE Published:; 9 February 2024

🔔 Create Code-projects Vulnerability Alert

What is CVE-2024-25316?

The vulnerability in Code-projects Hotel Management System version 1.0 allows attackers to perform SQL injection through the 'eid' parameter located in the URL endpoint Hotel/admin/usersettingdel.php?eid=2. By exploiting this flaw, malicious users can manipulate SQL queries, potentially leading to unauthorized data access, modification, or deletion. This vulnerability emphasizes the need for secure coding practices and validation of user inputs to prevent database-related attacks.

References

https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managm...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2024
Vulnerability Reserved
Feb 7, 2024