CVE-2025-11404 MEDIUM

CVE-2025-11404: SourceCodester Hotel and Lodge Management System save_tax.php sql injection

Vendor Sourcecodester

Product Hotel and Lodge Management System

Weakness CWE-89 · SQLi

Published October 7, 2025

Last update October 7, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown part of the file /pages/save_tax.php. Executing manipulation of the argument percentage can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

October 7, 2025 CVE published

October 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11404

Related vulnerabilities

04Related CVE

CVE-2026-24416 OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module CVE-2014-125101 Portfolio Gallery Plugin sql injection CVE-2024-0883 SourceCodester Online Tours & Travels Management System pay.php prepare sql injection CVE-2023-7138 code-projects Client Details System HTTP POST Request admin sql injection CVE-2025-6986 FileBird – WordPress Media Library Folders & File Manager <= 6.4.8 - Authenticated (Author+) SQL Injection