CVE-2025-7606

Name of the Vulnerable Software and Affected Versions: AVL Rooms version 1.0

Description: A critical issue exists in AVL Rooms that allows for SQL injection. The vulnerability is located in the /city.php file, where manipulation of the city argument can trigger the attack remotely. The exploit for this issue has been publicly disclosed.

Recommendations: As a temporary workaround, consider restricting access to the /city.php file until a fix is available. Sanitize the city argument to prevent SQL injection attacks.