CVE-2025-6450

Name of the Vulnerable Software and Affected Versions: code-projects Simple Online Hotel Reservation System version 1.0

Description: A critical issue was found in the Simple Online Hotel Reservation System. This issue affects an unknown part of the file /admin/confirm reserve.php. The manipulation of the transaction id argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For code-projects Simple Online Hotel Reservation System version 1.0, as a temporary workaround, consider restricting access to the /admin/confirm reserve.php file until a patch is available. Avoid using the transaction id argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.