CVE-2025-7606

CVE-2025-7606 affects AVL Rooms 1.0, with a SQL injection in /city.php triggered by the city parameter. The vulnerability is exploitable remotely and publicly disclosed, prompting immediate attention. Reported by multiple sources (NVD, Red Hat, CVE List) across tooling ecosystems. Root cause cent...

CVE-2025-7606 code-projects AVL Rooms city.php sql injection

A vulnerability classified as critical has been found in code-projects AVL Rooms 1.0. This affects an unknown part of the file /city.php. The manipulation of the argument city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...

CVE-2025-7605

CVE-2025-7605 affects AVL Rooms 1.0 by Code-Projects. The vulnerability is an SQL injection in /profile.php via the first_name parameter, exploitable remotely. Exploit has been publicly disclosed. Affects unknown functionality; exploitability and impact are described as high in CVSS notes across ...

Code-Projects AVL Rooms 安全漏洞

Code-Projects AVL Rooms is an AVL room system from Code-Projects open source. A security vulnerability exists in Code-Projects AVL Rooms version 1.0, which stems from a SQL injection due to incorrect manipulation of the parameter city in the file /city.php...