CVE Catalog

CVE-2026-14763

HighCVSS 7.3
Published: Translated: NVD NIST

Summary

A SQL injection vulnerability has been found in Hotel and Tourism Reservation 1.0 in the file /admin/tour_reserves.php. An attacker can remotely manipulate the tour argument, leading to SQL injection. The exploit has been published and may be used.

Risk Assessment

The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to data leakage, modification, or deletion, as well as potential system takeover.

Recommendation

Apply the patch or update to the latest version immediately. Until then, restrict access to /admin/tour_reserves.php and implement input validation.

Original NVD description (English source)

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS