CVE-2025-9150
HIGHSurbowl dormitory-management-php <9f1d9d1f528cabffc66fda3652c56ff32...
Title source: llmDescription
A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer.
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.320529
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.320529
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.629618
Issue Tracking exploit
issue-tracking
https://github.com/xinzfy/cve/issues/1
Scores
CVSS v3
7.3
EPSS
0.0030
EPSS Percentile
21.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-74
CWE-89
Status
published
Products (1)
Surbowl/dormitory-management-php
9f1d9d1f528cabffc66fda3652c56ff327fda317
Published
Aug 19, 2025
Tracked Since
Feb 18, 2026