EIP-2026-112761
PRE-CVEtourismscripts HotelBook - 'hotel_id' Multiple SQL Injections
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112761. PoCs published by Mr.SQL.
AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in HotelBook by providing crafted URLs that extract user credentials (username, password, email) via UNION-based SQLi. The payloads target multiple endpoints with malformed 'hotel_id' parameters.
Description
tourismscripts HotelBook - 'hotel_id' Multiple SQL Injections
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Mr.SQL · textwebappsphp
https://www.exploit-db.com/exploits/34599
The exploit demonstrates SQL injection vulnerabilities in HotelBook by providing crafted URLs that extract user credentials (username, password, email) via UNION-based SQLi. The payloads target multiple endpoints with malformed 'hotel_id' parameters.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
HotelBook (version unspecified)
No auth needed
Prerequisites:
Access to vulnerable HotelBook web application
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026