YoSheep

3 exploits Active since Sep 2025
CVE-2025-9789 WRITEUP HIGH WRITEUP
Online Hotel Reservation System 1.0 - SQL Injection via edituser.php userid Parameter
A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVSS 7.3
CVE-2025-9790 WRITEUP HIGH WRITEUP
SourceCodester Hotel Reservation System 1.0 - SQL Injection via updateabout.php Address Parameter
A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVSS 7.3
CVE-2025-9834 WRITEUP LOW WRITEUP
PHPGurukul Small CRM 4.0 - Stored Cross-Site Scripting via Username Parameter in Registration
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVSS 3.5