PT-2025-26532 · Code Projects · Simple Online Hotel Reservation System
Jww0Ka · Published 2025-06-21 · Updated 2025-06-27
CVE-2025-6447
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Simple Online Hotel Reservation System version 1.0
Description:
A critical vulnerability was found in the Simple Online Hotel Reservation System. The issue is related to SQL injection, which can be triggered by manipulating the Username or name/admin id argument. This allows for a remote attack. The exploit has been publicly disclosed, posing an immediate threat.
Recommendations:
For Simple Online Hotel Reservation System version 1.0, consider disabling the affected function in the /admin/index.php file as a temporary workaround until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the Username or name/admin id argument in the affected API endpoint until the issue is resolved.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Simple Online Hotel Reservation System