Key Information

Affected Product
Product Name: Online Hotel Reservation System
Version: V1.0
Affected File: /admin/execedituser.php

Vulnerability Type
Type: SQL Injection

Root Cause
In the file , attackers can inject malicious code via the parameter, which is directly used in SQL queries without proper sanitization or validation.

Impact
Attackers can exploit this SQL injection vulnerability to gain unauthorized database access, leak sensitive data, modify data, achieve full system control, or cause service disruption, posing a serious threat to system security and business continuity.

Description
During the review of the "Online Hotel Reservation System", a critical SQL injection vulnerability was identified. This vulnerability stems from insufficient validation of user input for the parameter, allowing attackers to manipulate SQL queries.

Vulnerability Details and POC
Vulnerable Parameter:
Payload:

Recommended Remediation
1. Use prepared statements with parameter binding.
2. Implement input validation and filtering.
3. Minimize database user privileges.
4. Conduct regular security audits.
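Remediation items 1 and 2 applied to a user-edit handler, as an added example that is not code from the advisory or from the affected project. The table name, column names, request keys and the function updateUser are hypothetical, and an in-memory SQLite database stands in for the application's database so the snippet runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical handler: validates the request fields, then updates one row
// through a prepared statement. Names are assumptions, not the project's own.
function updateUser(PDO $db, array $input): bool
{
    // Input validation: id must be a positive integer, name a short plain string.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $name = trim((string)($input['name'] ?? ''));
    if ($id === false || !preg_match('/^[\p{L}\p{N} ._-]{1,64}$/u', $name)) {
        return false; // reject the request rather than trying to "clean" the value
    }

    // Pattern described under Root Cause (do not use): request data
    // concatenated into the SQL text, e.g.
    //   $db->query("UPDATE users SET name = '$name' WHERE id = $id");

    // Prepared statement: the SQL text is fixed; values are bound separately
    // and are never parsed as SQL.
    $stmt = $db->prepare('UPDATE users SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Stand-in database with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed inputs: one well-formed request, one with a non-integer id,
// one with characters outside the allowed set in the name.
$requests = [
    ['id' => '1',    'name' => 'Alice Smith'],
    ['id' => '1abc', 'name' => 'x'],
    ['id' => '2',    'name' => "bob'; --"],
];
foreach ($requests as $r) {
    echo json_encode($r), ' => ', updateUser($db, $r) ? 'updated' : 'rejected', PHP_EOL;
}

// Only row 1 was changed; row 2 is untouched.
print_r($db->query('SELECT id, name FROM users ORDER BY id')->fetchAll(PDO::FETCH_ASSOC));
```

With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared by the server, and connect with an account that holds only the privileges the application needs (item 3).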