SQL Injection Vulnerability in Hotel and Tourism Reservation by Code Projects
CVE-2026-14763
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14763?
A vulnerability exists in the Hotel and Tourism Reservation application version 1.0, specifically within the Tour Reservations Page component. The flaw arises from improper handling of input in the file /admin/tour_reserves.php, which allows an attacker to manipulate arguments, leading to SQL injection. This can enable unauthorized access to the underlying database, exposing sensitive information. The vulnerability can be exploited remotely, and it has already been documented publicly, heightening the urgency for users of this application to mitigate any potential risks.
Affected Version(s)
Hotel and Tourism Reservation 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
