CVE-2025-11398

6.3 MEDIUM

📋 TL;DR

SourceCodester Hotel and Lodge Management System 1.0 has an unrestricted file upload vulnerability in the profile.php image upload function. Attackers can remotely upload malicious files, potentially leading to server compromise. All deployments of version 1.0 are affected.

💻 Affected Systems

Products:
  • SourceCodester Hotel and Lodge Management System
Versions: 1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 1.0 are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system takeover, data theft, and lateral movement within the network.

🟠 Likely Case

Webshell upload allowing persistent backdoor access, data exfiltration, and further exploitation of the server.

🟢 If Mitigated

File upload blocked or sanitized, preventing malicious file execution while maintaining legitimate functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub. Attack requires authentication to access profile.php.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Implement File Upload Restrictions

Add server-side validation to restrict file uploads to specific extensions and scan for malicious content.

Modify profile.php to include: $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif']; $max_size = 2097152; // 2MB
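
A hardened version of the server-side check this workaround describes, as an added example that is not code from the SourceCodester project: the form field name `profile_image`, the upload directory and the function name are assumptions, and the upload directory is assumed to have PHP execution disabled.

```php
<?php
// Added example (not the SourceCodester project's code): a hardened replacement for
// the profile image upload check. Assumptions: the form field is `profile_image`,
// files land in UPLOAD_DIR, and that directory has PHP execution disabled
// (or sits outside the web root) so a stored file can never run as code.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads/profiles/'; // assumed location
const MAX_SIZE   = 2097152;                         // 2MB, as in the workaround
const ALLOWED    = [                                // extension => MIME type the bytes must have
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validates one entry of $_FILES and stores it under a server-chosen name.
 * Returns the stored filename; throws on any failure. The client-supplied
 * filename and Content-Type header are never trusted.
 */
function saveProfileImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . ($file['error'] ?? 'none'));
    }
    if ($file['size'] > MAX_SIZE) {
        throw new RuntimeException('File exceeds the 2MB limit');
    }
    // Only the final extension is considered, so a double extension is judged by its
    // last part and must still pass the content check below.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('Extension not allowed');
    }
    // Sniff the real bytes and confirm they decode as an image of the claimed type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext] || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Content is not an allowed image type');
    }
    // Random server-side name: the uploader controls neither path nor filename.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $stored)) {
        throw new RuntimeException('Could not store the file');
    }
    return $stored;
}

// Integration point in profile.php (assumed field name):
// $stored = saveProfileImage($_FILES['profile_image']);
```

The extension allowlist alone is not sufficient; the MIME sniff, the image decode check and the server-chosen filename are what stop a renamed script from being stored and executed.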

Disable Profile Image Upload

Temporarily disable the image upload functionality in profile.php until a proper fix is available.

Comment out or remove file upload code in profile.php

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file uploads
  • Restrict network access to the application using firewall rules

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a file with a malicious extension (e.g., .php) through the profile image upload feature.

Check Version:

Check the software version in the admin panel or application footer.

Verify Fix Applied:

Test that only allowed file types (images) can be uploaded and that uploaded files cannot be executed as code.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /profile.php
  • Uploads of non-image file types
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to /profile.php with file uploads
  • Unusual outbound connections after file upload

SIEM Query:

source="web_server" AND uri="/profile.php" AND method="POST" AND NOT (file_extension="jpg" OR file_extension="jpeg" OR file_extension="png" OR file_extension="gif")
