A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/navex2/CVE/issues/3 | Exploit Issue Tracking Mitigation Third Party Advisory |
| https://vuldb.com/?ctiid.336427 | Permissions Required VDB Entry |
| https://vuldb.com/?id.336427 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.707082 | Third Party Advisory VDB Entry |
Configurations
History
05 Mar 2026, 20:05
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:fantasticlbp:hotels_server:*:*:*:*:*:*:*:* | |
| References | () https://github.com/navex2/CVE/issues/3 - Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
| References | () https://vuldb.com/?ctiid.336427 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.336427 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.707082 - Third Party Advisory, VDB Entry | |
| First Time |
Fantasticlbp hotels Server
Fantasticlbp |
15 Dec 2025, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-15 08:15
Updated : 2026-03-05 20:05
NVD link : CVE-2025-14710
Mitre link : CVE-2025-14710
CVE.ORG link : CVE-2025-14710
JSON object : View
Products Affected
fantasticlbp
- hotels_server