A SQL injection vulnerability has been identified in code-projects Hotel and Tourism Reservation System version 1.0. The vulnerability exists in an unknown function within the tour.php file of the GET Parameter Handler component. Attackers can exploit this by manipulating the 'tour' argument to execute SQL injection attacks. The vulnerability can be exploited remotely without authentication. Public exploits are available, making this an actively exploitable security issue that poses significant risk to affected systems.