Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)

vendor:

Online Hotel Booking In PHP

by:

Gian Paris C. Agsam

6.1

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: Online Hotel Booking In PHP

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:online_hotel_booking:php:1.0

Metasploit:

Other Scripts:

Platforms Tested: Apache/2.4.58 (Debian) / PHP 8.2.12

2024

Online Hotel Booking In PHP 1.0 – Blind SQL Injection (Unauthenticated)

The Online Hotel Booking system in PHP version 1.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to extract sensitive information from the database without authentication. This exploit has not been assigned a CVE yet.

Mitigation:

To mitigate this vulnerability, input validation should be implemented to prevent malicious SQL queries. Additionally, using parameterized queries can help prevent SQL injection attacks.

Source

Online Hotel Booking In PHP 1.0 – Blind SQL Injection (Unauthenticated)

Mitigation:

Exploit-DB raw data: