Unrated severityNVD Advisory· Published Jun 20, 2025· Updated Jun 24, 2025

CVE-2025-44203

Description

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.

Affected products

HotelDruid/HotelDruiddescription
HotelDruid/HotelDruidllm-fuzzy
Range: =3.0.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/IvanT7D3/CVE-2025-44203/tree/mainmitre
www.hoteldruid.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000