CVE-2025-12856

CWE-74 CWE-89 — SQL Injection4 documents4 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 95.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Responsive Hotel Site Fabian Responsive Hotel Site

Timeline

PublishedNov 7

Description

A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/responsive_hotel_site1.0

▶NVDfabian/responsive_hotel_site1.0

🔴Vulnerability Details

GHSA

GHSA-fv27-q26g-hwf7: A weakness has been identified in code-projects Responsive Hotel Site 1↗2025-11-07

▶

CVEList

code-projects Responsive Hotel Site reservation.php sql injection↗2025-11-07

▶

🕵️Threat Intelligence

Fortinet

RondoDox Unveiled: Breaking Down a New Botnet Threat | FortiGuard Labs↗2025-07-03

▶