CVE-2025-7606

HIGH

code-projects AVL Rooms 1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-7606. PoCs published by sunhuiHi666.

AI-analyzed exploit summary This repository provides a functional SQL injection payload for CVE-2025-7606, targeting the 'city' parameter in AVL Rooms Project V1.0's city.php file. The payload demonstrates a time-based blind SQL injection attack using MySQL's SLEEP function.

Description

A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC
by sunhuiHi666 · poc
https://github.com/sunhuiHi666/CVE-2025-7606

This repository provides a functional SQL injection payload for CVE-2025-7606, targeting the 'city' parameter in AVL Rooms Project V1.0's city.php file. The payload demonstrates a time-based blind SQL injection attack using MySQL's SLEEP function.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: AVL Rooms Project V1.0
No auth needed
Prerequisites: Access to the vulnerable endpoint /city.php
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.316305
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.316305
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.615341
Exploit, Issue Tracking, Third Party Advisory exploit issue-tracking
https://github.com/sunhuiHi666/cve/issues/1
Product product
https://code-projects.org/

Scores

CVSS v3 7.3
EPSS 0.0040
EPSS Percentile 31.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
anisha/avl_rooms 1.0
Published Jul 14, 2025
Tracked Since Feb 18, 2026