SQL Injection Vulnerability in Hotel and Tourism Reservation by Code-Projects
CVE-2026-14762
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14762?
A significant SQL injection vulnerability has been identified in the Hotel and Tourism Reservation application by Code-Projects, specifically within the Room Management Page component. The vulnerability arises from the manipulation of an argument within the /admin/rooms.php file, allowing an attacker to execute unauthorized SQL commands. This exploit can be triggered remotely, posing a serious risk to the application's integrity and data security. As the exploit details are now public, it is crucial for users to apply necessary patches and updates to mitigate potential threats.
Affected Version(s)
Hotel and Tourism Reservation 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
