CVE-2026-14764
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A SQL injection vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0 in the /admin/add_event.php file. An attacker can remotely manipulate the fdetails argument, leading to SQL injection. The exploit has been publicly disclosed.
Risk Assessment
The risk involves the possibility of remote execution of unauthorized SQL queries, which could lead to data leakage, modification, or deletion of information in the database.
Recommendation
Immediately update the system to the latest version or apply a security patch. In the meantime, restrict access to the /admin/add_event.php file to trusted IP addresses only.
Original NVD description (English source)
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/add_event.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

