PT-2025-40994 · Sourcecodester · Hotel/Lodge Management System

Tthuyyy · Published 2025-10-07 · Updated 2025-10-07 · CVE-2025-11397

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Hotel and Lodge Management System version 1.0

Description

A security flaw exists in SourceCodester Hotel and Lodge Management System 1.0. The issue involves SQL injection, potentially initiated remotely, through manipulation of the email argument in an unknown function within the /login.php file. The exploit has been publicly released.

Recommendations

Apply any available updates or patches for SourceCodester Hotel and Lodge Management System version 1.0. As a temporary workaround, restrict access to the /login.php file. Sanitize the email input parameter to prevent SQL injection attacks.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-11397

Affected Products

Hotel/Lodge Management System