Key Information Summary

CVE-ID: CVE-2025-13169
Vulnerability Type: SQL Injection
Severity: Critical
Affected Software: Code-Projects Simple Online Hotel Reservation System 1.0
Vulnerable File:
Vulnerable Parameter:
CWE Classification: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)
Exploit Status: Exploit Available
CWE-89 Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command.
Impact: Affects confidentiality, integrity, and availability.

Additional Details

Ease of Exploitation: Easy; no authentication is required for exploitation.
Advisory and Exploit Availability:
- Advisory shared at GitHub.com
- Exploit available as proof-of-concept at GitHub.com
Detection Method: Vulnerable targets can be identified using Google Hacking with the query .
Attack Technique: T1505