SQL Injection Vulnerability in Hotel/admin/usersettingdel.php?
CVE-2024-25316
9.8CRITICAL
What is CVE-2024-25316?
The vulnerability in Code-projects Hotel Management System version 1.0 allows attackers to perform SQL injection through the 'eid' parameter located in the URL endpoint Hotel/admin/usersettingdel.php?eid=2. By exploiting this flaw, malicious users can manipulate SQL queries, potentially leading to unauthorized data access, modification, or deletion. This vulnerability emphasizes the need for secure coding practices and validation of user inputs to prevent database-related attacks.