CVE-2025-12855

EUVD-2025-38249
A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
4.7 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
fabianresponsive_hotel_site
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://code-projects.org/
https://github.com/AmengDream/CVE/blob/main/Responsive_Hotel_Site/newsletterdel-sql-injection/report.md
https://vuldb.com/?ctiid.331501
https://vuldb.com/?id.331501
https://vuldb.com/?submit.679743
https://github.com/AmengDream/CVE/blob/main/Responsive_Hotel_Site/newsletterdel-sql-injection/report.md