Code-Projects Simple Online Hotel Reservation System vulnerabilities

CVE-2025-13169 [MEDIUM] CWE-74 CVE-2025-13169: A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1 A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /add_query_reserve.php. Such manipulation of the argument room_id leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-13170 [MEDIUM] CWE-74 CVE-2025-13170: A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing a manipulation of the argument admin_id results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2025-12594 [MEDIUM] CWE-74 CVE-2025-12594: A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. Thi A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/add_account.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

CVE-2025-12593 [MEDIUM] CWE-284 CVE-2025-12593: A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impa A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

CVE-2025-6578 [MEDIUM] CWE-74 CVE-2025-6578: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been d A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_account.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m

CVE-2025-6451 [MEDIUM] CWE-74 CVE-2025-6451: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been d A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_pending.php. The manipulation of the argument transaction_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public

CVE-2025-6450 [MEDIUM] CWE-74 CVE-2025-6450: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been c A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/confirm_reserve.php. The manipulation of the argument transaction_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the publ

CVE-2025-6449 [MEDIUM] CWE-74 CVE-2025-6449: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/checkout_query.php. The manipulation of the argument transaction_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the p

CVE-2025-6447 [MEDIUM] CWE-74 CVE-2025-6447: A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Re A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be us

CVE-2025-6448 [MEDIUM] CWE-74 CVE-2025-6448: A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and class A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_room.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the

CVE-2025-6418 [MEDIUM] CWE-74 CVE-2025-6418: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit_query_account.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public

CVE-2025-6394 [MEDIUM] CWE-74 CVE-2025-6394: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been d A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_reserve.php. The manipulation of the argument firstname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the pu

CVE-2025-6421 [MEDIUM] CWE-74 CVE-2025-6421: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been r A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/add_account.php. The manipulation of the argument name/admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and

CVE-2025-6420 [MEDIUM] CWE-74 CVE-2025-6420: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been d A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add_room.php. The manipulation of the argument room_type leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be

CVE-2025-6419 [MEDIUM] CWE-74 CVE-2025-6419: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been c A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument room_type leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may

CVE-2024-0504 [LOW] CWE-79 CVE-2024-0504: A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and class A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input alert(1) leads to cross site scripting. The attack can be

CVE-2024-0359 [HIGH] CWE-89 CVE-2024-0359: A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been d A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be use

CVE-2023-1561 [MEDIUM] CWE-434 CVE-2023-1561: A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Re A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability.