SQL Injection Vulnerabilities Discovered in Hotel and Tourism Reservation Software

SQL Injection Vulnerabilities Discovered in Hotel and Tourism Reservation Software

First seen 5 Jul 2026, 21:19 UTC Ismalicious 91% similarity 51.9

Article Content

Browse articles
ThreatCluster

Two vulnerabilities, CVE-2026-14755 and CVE-2026-14756, have been identified in the Hotel and Tourism Reservation 1.0 software. CVE-2026-14755 affects the /admin/reservations.php file, while CVE-2026-14756 impacts the /admin/add_tour.php file. Both vulnerabilities allow for SQL injection through the manipulation of specific arguments, which can be exploited remotely. The CVSS score for both vulnerabilities is 7.3, indicating high severity. Active exploitation has not been confirmed for either CVE, and the EPSS scores are not available. The vulnerabilities were disclosed to the public on July 5, 2026. Users of the affected software are advised to monitor for potential exploitation. No specific patches or mitigation strategies have been provided yet.

Key Points: • Two high-severity SQL injection vulnerabilities found in Hotel and Tourism Reservation 1.0. • CVE-2026-14755 and CVE-2026-14756 allow remote exploitation via specific arguments. • Active exploitation has not been confirmed, but users should remain vigilant.

ThreatCluster AI

Timeline

2026-07-05
CVE-2026-14755 published
A SQL injection vulnerability was disclosed in the Reservations Management Page of Hotel and Tourism Reservation 1.0.
Ismalicious
2026-07-05
CVE-2026-14756 published
A SQL injection vulnerability was disclosed in the Tour Management Page of Hotel and Tourism Reservation 1.0.
Ismalicious

Community

Browse all →