CVE-2008-6809

Venalsur Booking Centre Booking System for Hotels Group 2.01 - SQL Injection via HotelID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6809. PoCs published by R3d-D3V!L.

AI-analyzed exploit summary This exploit demonstrates a remote SQL injection vulnerability in the 'hotel_habitaciones.php' script of the Hotels Group software by manipulating the 'HotelID' parameter. The provided SQL payload retrieves database version and user information.

Description

SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by R3d-D3V!L · textwebappsphp
https://www.exploit-db.com/exploits/10528

This exploit demonstrates a remote SQL injection vulnerability in the 'hotel_habitaciones.php' script of the Hotels Group software by manipulating the 'HotelID' parameter. The provided SQL payload retrieves database version and user information.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Hotels Group (bookingcentre.eu)
No auth needed
Prerequisites: Access to the vulnerable 'hotel_habitaciones.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by R3d-D3V!L · textwebappsphp
https://www.exploit-db.com/exploits/7253

This exploit demonstrates a remote SQL injection vulnerability in the 'HotelID' parameter of the 'hotel_habitaciones.php' script. The provided SQL query concatenates the database version and user information, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Hotels Group (specific version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46913
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7253
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32430
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32512

Scores

EPSS 0.0098
EPSS Percentile 57.6%

Details

CWE
CWE-89
Status published
Products (1)
bookingcentre/booking_system_for_hotels_group 2.01
Published May 18, 2009
Tracked Since Feb 18, 2026