CVE-2025-15127: SQL Injection in FantasticLBP Hotels_Server
A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Manipulation of the argument hotelId leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-27T09:03:53.113Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6950e82a91db97df3a7985b2
Added to database: 12/28/2025, 8:19:54 AM
Last updated: 12/28/2025, 10:52:37 AM