CVE-2024-25315

Name of the Vulnerable Software and Affected Versions Code-projects Hotel Managment System version 1.0

Description The issue allows SQL Injection via the rid parameter in the "Hotel/admin/roombook.php" endpoint. This could potentially be exploited by manipulating the rid parameter to inject malicious SQL code.

Recommendations For Code-projects Hotel Managment System version 1.0, consider restricting access to the "Hotel/admin/roombook.php" endpoint until a patch is available. As a temporary workaround, avoid using the rid parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.