Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php.