CVE-2025-10798

Name of the Vulnerable Software and Affected Versions Hostel Management System version 1.0

Description A SQL injection flaw exists in the file '/justines/admin/mod roomtype/index.php?view=view'. This issue allows a remote attacker to perform unauthorized database queries by manipulating the ID argument. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to view, modify, or delete sensitive data.

Recommendations As a temporary workaround, restrict access to the '/justines/admin/mod roomtype/index.php?view=view' file or avoid using the ID argument until a fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.