CVE-2026-14763
HIGH
7.3
CVSS 3.1
Description
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
Metadata
Severity & Metrics
7.3
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| code-projects | Hotel and Tourism Reservation | — | 1.0 |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 7.3 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 7.3 | HIGH | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-376352 | code-projects Hotel and Tourism Reservation Tour Reservations tour_reserves.php sql injection https://vuldb.com/vuln/376352
- VDB-376352 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/376352/cti
- CVE-2026-14763 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-14763
- Submit #850581 | code-projects.org Hotel and Tourism Reservation In PHP 1.0 SQL Injection https://vuldb.com/submit/850581
- https://raw.githubusercontent.com/anubhavv106/Security-Advisories/refs/heads/main/Hotel-Tourism-Reservation-tour_reserves.php-SQLi.md
- https://code-projects.org/