Online Hotel Reservation System
CVE-2025-11354
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (source: CVE.org)
A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used.
Analysis (AI-generated)
Unrestricted file upload in code-projects Online Hotel Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files by manipulating the image parameter of /admin/addslideexec.php, potentially leading to remote code execution. The CVSS score of 2.1 reflects low confidentiality, integrity, and availability impact because of the authentication requirement (PR:L). Publicly available exploit code exists, but the low EPSS score (0.05%, 14th percentile) indicates that exploitation is unlikely to be widespread in practice.
Technical Context (AI-generated)
The vulnerability resides in the /admin/addslideexec.php endpoint, which handles image file uploads without proper validation of the image parameter. The CWE-284 (Improper Access Control) classification indicates insufficient authorization checks: the function accepts file upload requests from authenticated users but fails to validate file type, extension, or content, so arbitrary file types can be uploaded. The affected product is a PHP-based online hotel reservation system in which administrative functions are expected to be protected by authentication, but the upload validation logic is absent or bypassed.
Remediation (AI-generated)
No vendor-released patch identified at time of analysis. Immediate remediation requires implementing strict file upload validation in /admin/addslideexec.php: restrict accepted MIME types to image formats only (image/jpeg, image/png, image/gif), validate file extensions against a whitelist, store uploaded files outside the web root or in a directory with execution disabled, and rename uploaded files so the original extension is discarded. Additionally, implement robust access control so that only authorized administrators can reach the addslideexec.php endpoint; consider requiring additional authentication (multi-factor authentication or IP whitelisting) for admin file upload functions. As a temporary control, disable the image slide upload feature entirely until file validation can be implemented, or restrict access to /admin/addslideexec.php via web application firewall rules to known administrator IP addresses.
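The following is an added example of what the remediation above looks like in PHP; it is not code from the Online Hotel Reservation System project or from the advisory. It assumes the upload arrives in $_FILES['image'], that an admin session sets a hypothetical $_SESSION['admin_id'] key, and that a hypothetical SLIDE_DIR path sits outside the web root. One caveat the advisory's wording leaves implicit: the MIME type in $_FILES['image']['type'] is supplied by the client, so the type check below is done on the file's bytes (libmagic plus an image decode), and the server, not the uploader, chooses the stored filename and extension.

```php
<?php
// Added example (not the project's own code): a hardened replacement for the
// slide-image upload step that the advisory says /admin/addslideexec.php lacks.
// Assumptions (hypothetical, not from the page): uploads arrive in $_FILES['image'],
// the admin session sets $_SESSION['admin_id'], and SLIDE_DIR is outside the web root.
declare(strict_types=1);

const SLIDE_DIR = '/var/lib/hotelapp/slides';   // hypothetical path outside the web root
const MAX_SLIDE_BYTES = 2 * 1024 * 1024;        // 2 MiB cap on a slide image

// Allowlist keyed by the MIME type detected from file *content*, not by the
// client-supplied $_FILES['image']['type'] or the original filename extension,
// both of which the uploader controls. The value is the extension the server assigns.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one uploaded file and store it under a server-chosen random name.
 * Returns the stored filename; throws on anything that is not an acceptable image.
 */
function storeSlideImage(array $file, string $uploadDir = SLIDE_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . (int) $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('tmp_name is not a file uploaded via HTTP POST');
    }
    if ((int) $file['size'] > MAX_SLIDE_BYTES) {
        throw new RuntimeException('file exceeds size limit');
    }

    // 1. Content sniffing: libmagic decides the type from the bytes on disk.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException("rejected content type: $mime");
    }

    // 2. The file must also decode as an image whose type agrees with libmagic.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || ($info['mime'] ?? '') !== $mime) {
        throw new RuntimeException('file does not decode as the detected image type');
    }

    // 3. The server picks the name: the original filename and extension are discarded,
    //    which removes path-traversal and double-extension concerns in one step.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move uploaded file into ' . $uploadDir);
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return $name;
}

// Request handling: authorization first, then validation, then storage.
session_start();
if (empty($_SESSION['admin_id'])) {          // hypothetical session key for admin login
    http_response_code(403);
    exit('admin login required');
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['image'])) {
    http_response_code(400);
    exit('expected a POST with an image field');
}
try {
    $stored = storeSlideImage($_FILES['image']);
    // Persist $stored (the random filename) with the slide record here, and serve it
    // back through a read-only handler that readfile()s from SLIDE_DIR, so nothing
    // in the upload directory is ever reachable as a URL the PHP engine would execute.
    echo 'stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    error_log('slide upload rejected: ' . $e->getMessage()); // rejected uploads are worth alerting on
    http_response_code(400);
    exit('upload rejected');
}
```

Two design points. Storing under a directory outside the document root means the web server cannot be asked to execute whatever lands there, which is a stronger guarantee than relying on an .htaccess rule or an nginx location block to disable PHP handling; if the application must keep files under the web root, both controls (a non-executable directory and the content check) should be applied rather than either alone. The error_log call gives operations a concrete signal: a burst of "slide upload rejected" lines from one session is exactly the pattern to watch for while the endpoint is still exposed.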