SQL Injection Vulnerability in Simple Online Hotel Reservation System by Code-Projects
CVE-2025-6447

7.3HIGH

Key Information:

Vendor: Code-Projects
Status: Simple Online Hotel Reservation System
Vendor: CVE Published:; 22 June 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-6447?

A vulnerability exists in the Simple Online Hotel Reservation System 1.0, which allows remote attackers to exploit an SQL injection flaw through the Username parameter in the /admin/index.php file. This can lead to unauthorized access to the database and potentially expose sensitive information. The exploit has been publicly disclosed, increasing the risk of attacks targeting this vulnerability.

References

https://code-projects.org/

https://github.com/kakalalaww/CVE/issues/19

https://vuldb.com/?ctiid.313554

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2025