PT-2025-35504 · Sourcecodester · Free Hotel Reservation System
Yosheep · Published 2025-09-01 · Updated 2025-09-03 · CVE-2025-9790
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Hotel Reservation System version 1.0
Description
A security flaw has been discovered that allows remote SQL injection via manipulation of the address argument in the file /admin/updateabout.php. The exploit has been released to the public and may be used.
Recommendations
As a temporary workaround, consider restricting access to the /admin/updateabout.php file until a patch is available.
Sanitize the address input before using it in SQL queries.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Free Hotel Reservation System