A vulnerability labeled as critical has been found in code-projects Hotel and Tourism Reservation System 1.0 . This affects an unknown function of the file /details.php . Such manipulation of the argument room leads to sql injection. This vulnerability is uniquely identified as CVE-2026-11342 . The attack can be launched remotely. Moreover, an exploit is present.