Login Sign Up

CVE-2025-9002

7.3 HIGH
SQL Injection Authentication Bypass

📋 TL;DR

This SQL injection vulnerability in Surbowl dormitory-management-php 1.0 allows attackers to manipulate database queries through the Account parameter in login.php. Remote attackers can potentially access, modify, or delete database contents. Only unsupported versions of this specific software are affected.

💻 Affected Systems

Products:
  • Surbowl dormitory-management-php
Versions: 1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects unsupported versions; maintainer no longer provides updates.

📦 What is this software?

Dormitory Management Php by Surbowl

View all CVEs affecting Dormitory Management Php →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data theft, data destruction, or remote code execution via database functions.

🟠

Likely Case

Unauthorized access to sensitive dormitory management data, potential authentication bypass, or data exfiltration.

🟢

If Mitigated

Limited impact with proper input validation and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub issues; SQL injection via login.php Account parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch available since software is unsupported. Migrate to supported alternative or implement workarounds.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

all

Modify login.php to validate Account input and use prepared statements for SQL queries.

Edit login.php to replace raw SQL with PDO or mysqli prepared statements

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns targeting login.php

Configure WAF to block SQL injection patterns in POST/GET parameters

🧯 If You Can't Patch

  • Isolate the application behind a reverse proxy with strict input filtering
  • Implement network segmentation to limit database access from the application server

🔍 How to Verify

Check if Vulnerable:

Test login.php with SQL injection payloads in Account parameter (e.g., ' OR '1'='1)

Check Version:

Check PHP files for version references or consult documentation

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and login.php uses parameterized queries

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts with SQL patterns
  • Database query errors from login.php

Network Indicators:

  • HTTP requests to login.php with SQL keywords in parameters
  • Unusual database traffic patterns

SIEM Query:

source="web_logs" AND uri="/login.php" AND (param="Account" AND value MATCHES "(?i)(union|select|or|and|--|#)")

📊 Metadata

CVE ID: CVE-2025-9002
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-74
EPSS Score: 0.03% exploit probability (7.6th percentile)
Published: August 15, 2025
Last Updated: September 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-9002, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)