Vulnerability Description
A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fantasticlbp | Hotels Server | <= 2019-03-23 |
Related Weaknesses (CWE)
References
- https://github.com/navex2/CVE/issues/1ExploitIssue TrackingMitigation
- https://github.com/navex2/CVE/issues/2ExploitIssue TrackingMitigation
- https://vuldb.com/?ctiid.336428Permissions RequiredVDB Entry
- https://vuldb.com/?id.336428Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.707083Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.707085Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-14711?
CVE-2025-14711 is a vulnerability with a CVSS score of 7.3 (HIGH). A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation...
How severe is CVE-2025-14711?
CVE-2025-14711 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14711?
Check the references section above for vendor advisories and patch information. Affected products include: Fantasticlbp Hotels Server.