CVE-2008-6809

Description

SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.

Affected products

• bookingcentre / booking_system_for_hotels_group2.01 – 2.01

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/46913
• EXPLOIThttps://www.exploit-db.com/exploits/7253
• VENDOR_ADVISORYhttp://secunia.com/advisories/32430
• MISChttp://www.securityfocus.com/bid/32512