PT-2025-41136 · Sourcecodester · Hotel/Lodge Management System

Liuzhouyang · Published 2025-10-07 · Updated 2025-10-07 · CVE-2025-11401

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SourceCodester Hotel and Lodge Management System version 1.0

Description

A flaw exists in SourceCodester Hotel and Lodge Management System 1.0. The issue involves SQL injection, potentially exploitable remotely, stemming from manipulation of the currcode argument within an unknown function of the /pages/save curr.php file. The exploit for this issue has been published.

Recommendations

Apply a fix for the SQL injection issue in the /pages/save curr.php file. Restrict access to the /pages/save curr.php file until a fix is available. Sanitize the currcode input to prevent SQL injection attacks.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-11401

Affected Products

Hotel/Lodge Management System