A vulnerability identified as critical has been detected in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection.
This vulnerability is listed as CVE-2026-14755. The attack may be initiated remotely. In addition, an exploit is available.