CVE-2026-14754
Severity CVSS v4.0:
MEDIUM
Type:
CWE-74
Injection
Publication date:
05/07/2026
Last modified:
06/07/2026
Description
A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of the argument delete_image/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
Impact
Base Score 4.0
5.50
Severity 4.0
MEDIUM
Base Score 3.x
7.30
Severity 3.x
HIGH
Base Score 2.0
7.50
Severity 2.0
HIGH
References to Advisories, Solutions, and Tools
- https://code-projects.org/
- https://medium.com/@avdzav10/sql-injection-in-hotel-and-tourism-reservation-system-php-1-0-admin-add-room-php-25149909c16a
- https://vuldb.com/cve/CVE-2026-14754
- https://vuldb.com/submit/850344
- https://vuldb.com/vuln/376343
- https://vuldb.com/vuln/376343/cti
- https://vuldb.com/submit/850344



