CVE-2025-9150 MEDIUM

CVE-2025-9150: Surbowl dormitory-management-php violation_add.php sql injection

Vendor Surbowl

Product dormitory-management-php

Weakness CWE-89 · SQLi

Published August 19, 2025

Last update August 19, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

August 19, 2025 CVE published

August 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9150 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2025-9150

CWE CWE-89

CVSS 6.9 / MEDIUM

Affected versions