Key Vulnerability Information

Vulnerability Title
SQL Injection in Hotel-Management-System <= Latest

Vulnerability Author
yaklang.io, IRify, Yakit

Product Information
Vendor Homepage: https://github.com/tushar-2223/Hotel-Management-System
Software Link: https://github.com/tushar-2223/Hotel-Management-System
Affected Version: <= Latest (as of Nov 2025)

Vulnerability Details
Vulnerable Files:
- (Lines 386-388)
Vulnerability Type: CWE-89: SQL Injection (Time-Based Blind)

Root Cause
Directly retrieves user input from parameter and concatenates it into SQL query without validation. No authentication or session validation.

Impact
Severity: Critical (CVSS 9.8)
Impact:
1. Extract Sensitive Data
2. Privilege Escalation
3. Database Manipulation
4. Remote Code Execution
5. Service Disruption

Detailed Description
Vulnerable Endpoint:
Exploitation Flow:
1. Access endpoint
2. Inject payload
3. Extract data
4. Dump sensitive data
5. Admin login

Attack Vectors
- Time-Based Blind SQL Injection
- Boolean-Based Blind SQL Injection
- UNION-Based SQL Injection
- Stacked Queries
- Out-of-Band Data Exfiltration

Remediation Recommendations
1. Use Prepared Statements:
2. Create Authentication Middleware:
3. Input Validation Function:
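
The root cause and remediations 1 and 3 above, shown side by side as an added example; it is not code from the advisory or from the Hotel-Management-System project. It uses an in-memory SQLite database, and the table, column and function names are hypothetical, as is the sample data.

```python
import re
import sqlite3

# Constructed sample schema and data; table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rooms (id INTEGER PRIMARY KEY, guest TEXT)")
    db.executemany("INSERT INTO rooms VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def lookup_concatenated(db, room_id):
    # Root cause named in the advisory: the request value is pasted into the
    # SQL text, so the database parses it as part of the statement.
    return db.execute("SELECT guest FROM rooms WHERE id = " + room_id).fetchall()

def lookup_prepared(db, room_id):
    # Remediation 1: the statement text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    return db.execute("SELECT guest FROM rooms WHERE id = ?", (room_id,)).fetchall()

def validate_room_id(raw):
    # Remediation 3: allow-list validation; an id is 1 to 9 ASCII digits.
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("room id must be a positive integer")
    return int(raw)

def lookup_hardened(db, raw):
    # Validate first, then bind: each control still holds if the other is bypassed.
    return lookup_prepared(db, validate_room_id(raw))

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that alters the WHERE clause
    print("concatenated:", lookup_concatenated(db, crafted))
    print("prepared:    ", lookup_prepared(db, crafted))
```

With the concatenated query the crafted value changes which rows come back; with the bound parameter it matches nothing, and the validator rejects it before any query runs.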