CVE Catalog

CVE-2026-14755

HighCVSS 7.3
Published: Translated: NVD NIST

Summary

A SQL Injection vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0 in the file /admin/reservations.php. An unknown functionality of the Reservations Management Page allows manipulation of the delete argument, leading to SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed.

Risk Assessment

The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to leakage, modification, or deletion of reservation data and other sensitive information in the database.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, validate and sanitize all input parameters, especially the delete argument, and use parameterized queries.

Original NVD description (English source)

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS