Home > Vulnerability Database > CVE-2025-9150

Mend.io Vulnerability Database

CVE-2025-9150

Good to know:

Date: August 19, 2025

A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer.

Severity Score

9.8

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-9150

Url: https://vuldb.com/?submit.629618

Url: https://vuldb.com/?ctiid.320529

Url: https://vuldb.com/?id.320529

Url: https://github.com/xinzfy/cve/issues/1

Url: https://www.mend.io/vulnerability-database/CVE-2025-9150

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version https://github.com/Surbowl/dormitory-management-php.git - no_fix

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-9150

Good to know:

Date: August 19, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?