SQL Injection Vulnerability in Simple Online Hotel Reservation System by Code-Projects
CVE-2025-6448

7.3HIGH

Key Information:

Vendor: Code-Projects
Status: Simple Online Hotel Reservation System
Vendor: CVE Published:; 22 June 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-6448?

A vulnerability has been identified in the Simple Online Hotel Reservation System version 1.0, specifically within the file /admin/delete_room.php. This security flaw allows for SQL injection via manipulation of the 'room_id' parameter, enabling attackers to execute arbitrary SQL queries. Exploitation of this vulnerability can be performed remotely, posing significant risks to data integrity and security. Details regarding this vulnerability have been made publicly available, increasing the urgency for users to implement protective measures.

References

https://code-projects.org/

https://github.com/zzb1388/cve/issues/8

https://vuldb.com/?ctiid.313555

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2025