A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0 and classified as critical. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection.
This vulnerability is handled as CVE-2026-14763. The attack can be initiated remotely. Additionally, an exploit exists.