Code Projects · Hotel/Tourism Reservation System · CVE-2026-11342
**Name of the Vulnerable Software and Affected Versions**
code-projects Hotel and Tourism Reservation System version 1.0
**Description**
An issue exists in the `/details.php` file where improper handling of the `room` argument allows for remote SQL injection. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to manipulate or access the database.
**Recommendations**
Update code-projects Hotel and Tourism Reservation System to a version newer than 1.0.
As a temporary workaround, restrict access to the `/details.php` endpoint or avoid using the `room` parameter until a patch is applied.