Online Hotel Reservation System
CVE-2025-11353
Severity: LOW
CVSS vector (primary rating from NVD, the only source for this CVE):
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A vulnerability was detected in code-projects Online Hotel Reservation System 1.0. It affects an unknown function in the file /admin/addgalleryexec.php. Manipulation of the argument image results in unrestricted upload. The attack can be carried out remotely. The exploit is now public and may be used.
Analysis (AI)
Code-Projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files by manipulating the image parameter of /admin/addgalleryexec.php, bypassing its file upload restrictions. Exploitation requires valid admin credentials (PR:L in the CVSS vector) and results in limited confidentiality, integrity, and availability impact. Public exploit code is available, but the low EPSS score (0.04%) and limited scope suggest it is not being actively exploited at scale.
Technical Context (AI)
The vulnerability resides in /admin/addgalleryexec.php, the gallery management endpoint of the PHP-based Online Hotel Reservation System. The assigned weakness (CWE-284: Improper Access Control) indicates insufficient validation or enforcement of file upload restrictions. The endpoint does not adequately validate the type, name, or content of the file supplied in the image parameter before storing it, so non-image files can be uploaded. This is a classic PHP file upload weakness in which the application trusts client-supplied input without server-side validation or MIME type verification.
Remediation (AI)
No vendor-released patch had been identified at the time of analysis. As an immediate mitigation, restrict access to /admin/addgalleryexec.php to trusted admin IP addresses using web server rules (e.g., Apache .htaccess or nginx location blocks). Implement server-side upload validation: verify the image type with PHP's getimagesize() or exif_imagetype(), restrict file extensions to a whitelist (jpg, png, gif only), store uploads outside the web root, and rename files with unguessable names. Disable PHP execution in upload directories through the web server configuration so that an uploaded shell cannot run. Review admin accounts for weak or default passwords and enable multi-factor authentication if the application supports it. Consider migrating to a maintained gallery solution if patches are not released promptly.
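The following handler applies the server-side validation steps just listed. It is an added example, not code from the Online Hotel Reservation System; the upload directory, the size limit and the function name are assumptions, and image is the parameter named in the advisory.

```php
<?php
// Added example, not code from the Online Hotel Reservation System: a hardened
// gallery upload handler applying the remediation steps above (server-side type
// detection, extension whitelist, storage outside the web root, random names).
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/private_uploads/gallery'; // assumed path outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;                     // 2 MiB limit, chosen for the example

// Accepted image types as detected from magic bytes, mapped to the extension we write.
const ALLOWED_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

// Validates one $_FILES entry and stores it; returns the new file name or throws.
function storeGalleryImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, PHP error code ' . (int) ($file['error'] ?? -1));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('tmp_name is not a file uploaded via HTTP POST');
    }
    if ((int) $file['size'] > MAX_BYTES) {
        throw new RuntimeException('file exceeds size limit');
    }

    // Type comes from the file content, never from the client's file name or
    // Content-Type header; exif_imagetype() returns false for non-images.
    $type = exif_imagetype($file['tmp_name']);
    if ($type === false || !isset(ALLOWED_TYPES[$type])) {
        throw new RuntimeException('not an accepted image type');
    }
    // getimagesize() must also parse the data, rejecting files that carry only a forged header.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('image data could not be parsed');
    }

    // Unguessable name with a server-chosen extension; the client's name is discarded.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$type];
    $dest = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file into place');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $name;
}

// In the endpoint: $stored = storeGalleryImage($_FILES['image'] ?? []);
```

exif_imagetype() requires PHP's exif extension; where it is absent, getimagesize() alone also reports the detected type in its index 2. Keeping the directory outside the web root and disabling PHP execution there are still needed, since the handler only controls what gets written.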