CVE-2024-25314

Name of the Vulnerable Software and Affected Versions Code-projects Hotel Managment System version 1.0

Description The issue allows SQL Injection via the sid parameter in the "Hotel/admin/show.php?sid=2" endpoint. This means an attacker could potentially inject malicious SQL code by manipulating the sid variable.

Recommendations For Code-projects Hotel Managment System version 1.0, as a temporary workaround, consider restricting access to the "Hotel/admin/show.php" endpoint or validating and sanitizing the sid parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.