Sourcecodester Hotel Reservation System vulnerabilities

CVE-2025-10623 [MEDIUM] CWE-74 CVE-2025-10623: A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteuser.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

CVE-2025-10621 [MEDIUM] CWE-74 CVE-2025-10621: A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. The affected element A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. The affected element is an unknown function of the file editroomimage.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVE-2025-9790 [MEDIUM] CWE-74 CVE-2025-9790: A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.