Ubfbuz3

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Hotel Booking version 1.0 **Description** A critical issue has been identified, affecting the /reservation.php file, where manipulation of the `checkin` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For projectworlds Online Hotel Booking version 1.0, as a temporary workaround, consider restricting access to the /reservation.php file or disabling the manipulation of the `checkin` argument until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ProjectWorlds Online Hotel Booking version 1.0 **Description** A critical vulnerability has been found in ProjectWorlds Online Hotel Booking. The issue affects an unknown function of the file /admin/login.php. Manipulation of the `emailusername` argument leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For ProjectWorlds Online Hotel Booking version 1.0, consider disabling the unknown function of the file /admin/login.php as a temporary workaround until a patch is available. Restrict access to the /admin/login.php file to minimize the risk of exploitation. Avoid using the `emailusername` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Online Hotel Booking version 1.0 **Description** A critical issue has been found, affecting an unknown part of the file /admin/addroom.php. The manipulation of the `roomname` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For projectworlds Online Hotel Booking version 1.0, as a temporary workaround, consider restricting access to the /admin/addroom.php file until a patch is available. Avoid using the `roomname` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.