A vulnerability, which was classified as critical, was found in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection.

This vulnerability is known as CVE-2026-14762. It is possible to launch the attack remotely. Furthermore, an exploit is available.