CVE-2025-11351
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | online_hotel_reservation_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can allow remote attackers to upload arbitrary files to the system, which could lead to unauthorized access, data compromise, or further exploitation of the system. This could result in system disruption, data breaches, or unauthorized control over the affected server.
Can you explain this vulnerability to me?
This vulnerability is a weakness in the Online Hotel Reservation System 1.0, specifically in an unknown function within the file /admin/editpicexec.php. It allows an attacker to manipulate the 'image' argument to perform an unrestricted file upload. This means an attacker can upload potentially malicious files to the system remotely without restrictions.