CVE-2025-10788

Опубликовано: 22 сент. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. The affected element is an unknown function of the file deleteroominventory.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Ссылки

https://github.com/peri0d/my_cve/blob/main/Online-Hotel-Reservation-System-In-PHP-With-Source-Code-deleteroominventory.php-sql-injection.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.325145
Permissions Required
VDB Entry
https://vuldb.com/?id.325145
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.653877
Third Party Advisory
VDB Entry
https://www.sourcecodester.com/
Product
https://github.com/peri0d/my_cve/blob/main/Online-Hotel-Reservation-System-In-PHP-With-Source-Code-deleteroominventory.php-sql-injection.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fabian:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.0005

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-5m3c-8rqf-pgcj

CVSS3: 7.3

github

5 месяцев назад

EPSS

Процентиль: 16%

0.0005

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74