A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0 and classified as critical. This impacts an unknown function of the file /admin/add_event.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-14764. The attack can be launched remotely. Moreover, an exploit is present.