VDB
CVE-2025-10843
CVE-2025-10843
PUBLISHED
CVSS 6.900000095367432 MEDIUM
A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
EPSS 0.05% · 16.5th percentile
Risk Scores
CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
EPSS Score
0.05%
16.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reservation | Online Hotel Reservation System | 1.0, 1.0 |
| fabian | online_hotel_reservation_system | 1.0, 1.0 |
Timeline
- Sep 22, 2025 CVE ID Reserved
- Sep 23, 2025 EPSS Score
- Sep 23, 2025 CVE Published
- Sep 23, 2025 PoC Published
- Sep 23, 2025 CVE Updated
- Sep 30, 2025 EPSS Score
- Oct 3, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 7, 2025 EPSS Score
- Oct 13, 2025 EPSS Score
- Oct 20, 2025 EPSS Score
- Oct 27, 2025 EPSS Score
References
- VDB-325205 | Reservation Online Hotel Reservation System paypalpayout.php sql injection vdb
- VDB-325205 | CTI Indicators (IOB, IOC, TTP, IOA) url
- Submit #657389 | code-projects Online Hotel Reservation System 1 SQL Injection third-party-advisory
- https://github.com/xingrenlvke/cve/issues/10 exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-10843 advisory