SQL Injection Vulnerability in Code-Projects Hotel and Tourism Reservation
CVE-2026-14754

6.9MEDIUM

Key Information:

Vendor
CVE Published:
5 July 2026

What is CVE-2026-14754?

A security flaw has been identified in the code of the Hotel and Tourism Reservation system version 1.0, specifically in the /admin/add_room.php file. This vulnerability allows an attacker to manipulate specific URL parameters, such as delete_image, edit, description, number, price, rooms, and type, leading to SQL injection. As a result, a remote attacker can execute malicious SQL commands on the database, potentially compromising sensitive information. It is advisable for users to update their systems and implement security controls to mitigate potential risks.

Affected Version(s)

Hotel and Tourism Reservation 1.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

anubhav106 (VulDB User)
.