CVE-2025-12855

CWE-74 CWE-89 — SQL Injection CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 95.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Responsive Hotel Site Fabian Responsive Hotel Site

Timeline

PublishedNov 7

Description

A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/responsive_hotel_site1.0

▶NVDfabian/responsive_hotel_site1.0

🔴Vulnerability Details

GHSA

GHSA-q2pr-r6jf-wv38: A security flaw has been discovered in code-projects Responsive Hotel Site 1↗2025-11-07

▶

CVEList

code-projects Responsive Hotel Site newsletterdel.php sql injection↗2025-11-07

▶

📋Vendor Advisories

Microsoft

In words.protocols.jabber.xmlstream in Twisted through 19.2.1 XMPP support did not verify certificates when used with TLS allowing an attacker to MITM connections.↗2019-06-11

▶