CNNVD-202512-815 Information

Dec 07, 2025 cve

CNNVD ID

CNNVD-202512-815

CVE-2025-14201

CNNVD Published: 2025-12-07

Description (Chinese)

Hotel-Management-services-using-MYSQL-and-php是Alok .S. Jaiswal个人开发者的一个酒店管理系统。 Hotel-Management-services-using-MYSQL-and-php存在代码注入漏洞，该漏洞源于文件/dishsub.php中参数item.name处理不当，可能导致跨站脚本攻击。

Description (English)

Hotel-Management-services-using-MYSQL-and-php is a hotel management system for Alok.S. Jaiswal’s personal developer. Hotel-Management-services-using-MYSQL-and-php has a code-injection loophole, which stems from the inappropriate handling of the parameter iem.name in file/dishsub.php, which may result in a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2025-12-07

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.334621 https://github.com/Yh276/h0202/blob/main/Hotel-Management-services-using-MYSQL-and-php%20web%201%20xxs.docx https://vuldb.com/?submit.699994 https://vuldb.com/?id.334621 https://access.redhat.com/security/cve/cve-2025-14201

Share on: