CVE-2008-6809
Bookingcentre Booking System For Hotels Group - SQL Injection
Title source: ruleDescription
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by R3d-D3V!L · textwebappsphp
https://www.exploit-db.com/exploits/10528
exploitdb
WORKING POC
VERIFIED
by R3d-D3V!L · textwebappsphp
https://www.exploit-db.com/exploits/7253
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46913
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7253
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32430
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32512
Scores
EPSS
0.0044
EPSS Percentile
63.5%
Details
CWE
CWE-89
Status
published
Products (1)
bookingcentre/booking_system_for_hotels_group
2.01
Published
May 18, 2009
Tracked Since
Feb 18, 2026