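A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. It affects an unspecified function in the file /admin/edit_room.php, part of the Photo Handler component. Manipulation of this function leads to unrestricted file upload (CWE-434). The attack can be carried out remotely. The CVSS vectors in the JSON record below rate the required privileges as high (PR:H), which suggests the attacker needs an authenticated administrative account. An exploit has been publicly disclosed and may be used.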
code-projects Simple Online Hotel Reservation System Photo edit_room.php unrestricted upload
Problem type
Affected products
code-projects
2.0 - AFFECTED
References
https://vuldb.com/?id.330888
https://vuldb.com/?ctiid.330888
https://vuldb.com/?submit.677547
https://github.com/asd1238525/cve/blob/main/upload2.md
https://code-projects.org/
GitHub Security Advisories
GHSA-cjf9-55gg-3f5x
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The...
https://github.com/advisories/GHSA-cjf9-55gg-3f5x
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be carried out remotely. The exploit is publicly available and might be used.
https://nvd.nist.gov/vuln/detail/CVE-2025-12593
https://code-projects.org
https://github.com/asd1238525/cve/blob/main/upload2.md
https://vuldb.com/?ctiid.330888
https://vuldb.com/?id.330888
https://vuldb.com/?submit.677547
https://github.com/advisories/GHSA-cjf9-55gg-3f5x
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-12593
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-12593",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2025-11-02T06:02:05.981Z",
"dateReserved": "2025-11-01T15:57:22.011Z",
"datePublished": "2025-11-02T06:02:05.981Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2025-11-02T06:02:05.981Z"
},
"title": "code-projects Simple Online Hotel Reservation System Photo edit_room.php unrestricted upload",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in code-projects Simple Online Hotel Reservation System 2.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/edit_room.php der Komponente Photo Handler. Die Veränderung resultiert in unrestricted upload. Der Angriff kann über das Netzwerk passieren. Der Exploit ist öffentlich verfügbar und könnte genutzt werden."
}
],
"affected": [
{
"vendor": "code-projects",
"product": "Simple Online Hotel Reservation System",
"modules": [
"Photo Handler"
],
"versions": [
{
"version": "2.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Unrestricted Upload",
"cweId": "CWE-434",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Improper Access Controls",
"cweId": "CWE-284",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.330888",
"name": "VDB-330888 | code-projects Simple Online Hotel Reservation System Photo edit_room.php unrestricted upload",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/?ctiid.330888",
"name": "VDB-330888 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.677547",
"name": "Submit #677547 | code-projects Simple Online Hotel Reservation System 2.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/asd1238525/cve/blob/main/upload2.md",
"tags": [
"exploit"
]
},
{
"url": "https://code-projects.org/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 5.8
}
}
],
"timeline": [
{
"time": "2025-11-01T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2025-11-01T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2025-11-01T17:02:29.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "yunlin (VulDB User)",
"type": "reporter"
}
],
"tags": [
"x_freeware"
]
}
}
}