Ismalicious
SQL Injection Vulnerabilities Discovered in Hotel and Tourism Reservation Software
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two vulnerabilities, CVE-2026-14755 and CVE-2026-14756, have been identified in the Hotel and Tourism Reservation 1.0 software. CVE-2026-14755 affects the /admin/reservations.php file, while CVE-2026-14756 impacts the /admin/add_tour.php file. Both vulnerabilities allow for SQL injection through the manipulation of specific arguments, which can be exploited remotely. The CVSS score for both vulnerabilities is 7.3, indicating high severity. Active exploitation has not been confirmed for either CVE, and the EPSS scores are not available. The vulnerabilities were disclosed to the public on July 5, 2026. Users of the affected software are advised to monitor for potential exploitation. No specific patches or mitigation strategies have been provided yet.
Key Points: • Two high-severity SQL injection vulnerabilities found in Hotel and Tourism Reservation 1.0. • CVE-2026-14755 and CVE-2026-14756 allow remote exploitation via specific arguments. • Active exploitation has not been confirmed, but users should remain vigilant.