CVE-2009-4617 Information

Description

Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php (2) details.php (3) roomtypes.php (4) photos.php (5) map.php (6) weather.php (7) reviews.php and (8) book.php.

Reference

http://secunia.com/advisories/36661 http://www.exploit-db.com/exploits/9632 https://exchange.xforce.ibmcloud.com/vulnerabilities/53138