CVE-2025-10623

medium

Description

A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. The impacted element is an unknown function of the file deleteuser.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

References

https://www.sourcecodester.com/

https://vuldb.com/?submit.650221

https://vuldb.com/?id.324651

https://vuldb.com/?ctiid.324651

https://github.com/aCas1o/cve_report02/blob/main/report.md

Details

Source: Mitre, NVD

Published: 2025-09-17

Updated: 2025-09-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium