CVE-2024-25318
Description
Hotel Managment System 1.0 SQL injection in print.php via pid parameter allows data theft.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Hotel Managment System 1.0, a PHP application from code-projects.org, contains a SQL injection vulnerability in the pid parameter at Hotel/admin/print.php?pid=2. The parameter is passed into a SQL query without sanitization. Reaching this path requires admin authentication: the payment section and then the print button. The affected version is 1.0. [1]
Exploitation
An attacker with administrative access (logged-in user) can trigger the vulnerability by navigating to the Payment section and clicking the print button. The request to print.php?pid=2 can be captured and modified. Using a tool like sqlmap, the attacker can inject SQL payloads via the pid parameter, as demonstrated with boolean-based blind, time-based blind, and UNION queries. [1]
Impact
Successful exploitation allows an attacker to extract database contents, including potentially sensitive data, compromise the application, or modify data. The SQL injection can be used to access or modify information in the underlying MySQL database. [1]
Mitigation
No official fix has been released as of February 2024. Users should protect the pid parameter with prepared statements (parameterized queries) or strict input validation. The application is from code-projects.org and may not be actively maintained. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Code-projects/Hotel Managment System
- Range: =1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization on the 'pid' GET parameter allows SQL injection."
Attack vector
An attacker sends a crafted GET request to `/Hotel/admin/print.php?pid=2` with SQL payloads in the `pid` parameter [ref_id=1]. The application neither validates nor sanitizes this input, enabling boolean-based blind, time-based blind, and UNION query injection [ref_id=1]. The vulnerable endpoint is reached by navigating to the Payment section in the admin panel and clicking the print button, then intercepting the request [ref_id=1]. Exploitation requires network access to the application and an authenticated admin session; no authentication beyond what the admin panel already enforces is needed [ref_id=1].
Affected code
The vulnerable endpoint is `/Hotel/admin/print.php`, which accepts the `pid` parameter via GET request [ref_id=1]. The advisory does not specify the exact function or line within the file, but the `pid` parameter is passed unsanitized into a SQL query [ref_id=1].
What the fix does
No patch is provided in the bundle. The advisory does not include a fix or remediation guidance from the vendor [ref_id=1]. To close this vulnerability, the application should use prepared statements with parameterized queries for the `pid` parameter, or apply strict input validation (e.g., casting to integer) before including it in a SQL query.
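One way to implement the fix described above, as an added example that is not the project's own code: the `pid` value is validated as a positive integer and then bound as a parameter of a prepared statement, so it can never alter the SQL text. The table and column names (`payment`, `pid`, `cname`, `total`) and the connection details are assumptions.

```php
<?php
// Added example (not the project's code): hardened handling of the `pid`
// GET parameter for a print page. The vulnerable pattern this replaces is
// concatenating $_GET['pid'] directly into the SQL string.
declare(strict_types=1);

function loadPayment(PDO $db, array $query): ?array
{
    // 1. Strict input validation: pid must be a positive integer.
    //    FILTER_VALIDATE_INT rejects values such as "2 OR 1=1", "2'" or
    //    "2-1", and also rejects array inputs like ?pid[]=2.
    $pid = filter_var(
        $query['pid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($pid === false) {
        http_response_code(400);
        return null;
    }

    // 2. Prepared statement: the value travels as a bound parameter, never
    //    as part of the query text, so it cannot change the query's logic.
    //    (Table and column names below are assumptions.)
    $stmt = $db->prepare(
        'SELECT pid, cname, total FROM payment WHERE pid = :pid'
    );
    $stmt->bindValue(':pid', $pid, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage (connection details are placeholders):
$db = new PDO('mysql:host=127.0.0.1;dbname=hotel', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);
$payment = loadPayment($db, $_GET);
if ($payment === null) {
    exit('Invalid or unknown payment id');
}
// 3. Escape on output so stored values cannot inject HTML into the page.
foreach ($payment as $k => $v) {
    echo htmlspecialchars((string)$k, ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

Either control alone would block the injection reported here; using both gives defense in depth, and disabling emulated prepares ensures MySQL itself separates the query from its parameters.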
Preconditions
- Network access to the application (e.g., http://localhost/Hotel/admin/print.php)
- Ability to reach the admin panel's Payment section and click the print button, or directly craft the GET request
Reproduction
1. Navigate to `http://localhost/Hotel/admin/home.php` and click the Payment section, then click the print button [ref_id=1].
2. Capture the resulting GET request to `/Hotel/admin/print.php?pid=2` using Burp Suite [ref_id=1].
3. Save the request to a file (e.g., `r.txt`) and run sqlmap: `python sqlmap.py -r r.txt -p pid --risk 3 --level 5 --dbms mysql --proxy="http://127.0.0.1:8080" --batch --current-db` [ref_id=1].
4. sqlmap will confirm boolean-based blind, time-based blind, and UNION query injection on the `pid` parameter [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.