CVE-2025-11397

7.3 HIGH

📋 TL;DR

An SQL injection vulnerability exists in SourceCodester Hotel and Lodge Management System 1.0's login.php file via the email parameter. This allows remote attackers to execute arbitrary SQL commands, potentially compromising the database. All users running version 1.0 of this software are affected.

💻 Affected Systems

Products:
  • SourceCodester Hotel and Lodge Management System
Versions: 1.0
Operating Systems: Any OS running PHP and MySQL/MariaDB
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of version 1.0 regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including data theft, modification, deletion, and potential remote code execution if database permissions allow.

🟠 Likely Case: Unauthorized data access, authentication bypass, and potential privilege escalation leading to system takeover.

🟢 If Mitigated: Limited impact with proper input validation and database permissions, but still poses an authentication bypass risk.

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: MEDIUM - Internal attackers could exploit, but requires network access to the system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making this easily exploitable by attackers with basic SQL injection knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch is available. Implement input validation and parameterized queries as a workaround.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Implement server-side validation and sanitization of the email parameter in login.php.

Edit login.php to add: $email = mysqli_real_escape_string($connection, $_POST['email']);

Escaping is only a stopgap: it depends on the value being quoted correctly in every query. Parameterized queries (see Instructions above) remove the injection rather than filtering it.

Web Application Firewall (WAF) (applies to: all)

Deploy a WAF with SQL injection rules to block malicious requests.
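As an added illustration of the parameterized-query workaround (this is example code, not the SourceCodester project's own login.php), the login handler below binds the email value instead of concatenating it into the SQL text. It assumes a mysqli connection, a table named `users` with columns `id`, `email` and `password` (stored as `password_hash()` output), and placeholder database credentials; adjust these to the real schema.

```php
<?php
// Added example, not the project's code. Assumed schema: users(id, email, password).
declare(strict_types=1);

session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// Placeholder credentials; replace with the real connection settings.
$connection = new mysqli('localhost', 'hotel_app', 'DB_PASSWORD_PLACEHOLDER', 'hotel_db');

$email    = trim((string) ($_POST['email'] ?? ''));
$password = (string) ($_POST['password'] ?? '');

// Server-side validation: reject anything that is not syntactically an
// email address before the value reaches the database layer.
if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Invalid login request.');
}

// Parameterized query: the value travels separately from the SQL text, so
// quotes or SQL keywords inside $email can never alter the statement.
$stmt = $connection->prepare('SELECT id, password FROM users WHERE email = ? LIMIT 1');
$stmt->bind_param('s', $email);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
$stmt->close();

// password_verify() compares against the stored hash in constant time; a
// single generic message avoids revealing whether the email exists.
if ($row === null || !password_verify($password, $row['password'])) {
    http_response_code(401);
    exit('Invalid email or password.');
}

// Successful login: rotate the session id to prevent session fixation.
session_regenerate_id(true);
$_SESSION['user_id'] = $row['id'];
header('Location: index.php');
exit;
```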

🧯 If You Can't Patch

  • Isolate the system behind a firewall with strict access controls
  • Implement network segmentation so that only the application server can reach the database

🔍 How to Verify

Check if Vulnerable:

Test login.php with SQL injection payloads like: email=test' OR '1'='1

Check Version:

Check system version in admin panel or readme files

Verify Fix Applied:

Test with the same payloads after implementing the fixes; the application should return an error or reject the login without leaking any data.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts with SQL-like patterns

Network Indicators:

  • HTTP POST requests to /login.php containing SQL keywords in email parameter

SIEM Query:

source="web_logs" AND uri="/login.php" AND (email CONTAINS "' OR" OR email CONTAINS "UNION" OR email CONTAINS "SELECT")
