Gym Management System
Monthly
GYM-MANAGEMENT-SYSTEM 1.0 has multiple SQL injection vulnerabilities in search and payment endpoints (member_search, trainer_search, gym_search, payment_search). PoC available.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /admin/actions/remove-announcement.php, enabling unauthorized database query execution with limited confidentiality and integrity impact. Publicly available exploit code exists, but EPSS exploitation probability is extremely low (0.01th percentile), suggesting the vulnerability requires authenticated access and offers minimal real-world payoff despite network accessibility.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /admin/actions/check-attendance.php, resulting in limited confidentiality and integrity compromise. The vulnerability requires valid administrator credentials, has publicly available exploit code, but carries very low real-world risk with an EPSS score of 0.03% due to authentication requirements and limited impact scope (CVE4.0 vector shows only partial confidentiality/integrity loss, no availability impact).
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /admin/actions/delete-equipment.php. The vulnerability requires valid user credentials (PR:L) and has publicly available exploit code; however, the EPSS score of 0.03% and limited impact scope (VC:L/VI:L/VA:L) indicate low real-world exploitation probability despite technical exploitability.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /admin/edit-equipmentform.php. The vulnerability requires valid user credentials (privilege level L) but no user interaction. Publicly available exploit code exists, though EPSS indicates very low real-world exploitation probability (0.03%, 8th percentile). Despite the public POC, the CVSS 2.1 score and minimal impact scope (VC:L/VI:L/VA:L with no scope change) suggest limited practical risk in most deployments.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /admin/actions/delete-member.php, enabling unauthorized database queries with limited confidentiality and integrity impact. The vulnerability requires valid administrative credentials and carries a CVSS score of 2.1 with low confidentiality and integrity impact but no availability risk. Publicly available exploit code exists, though real-world exploitation remains extremely limited based on a 0.03% EPSS score.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ename parameter in /admin/equipment-entry.php, enabling database query modification with low confidentiality, integrity, and availability impact. Publicly available exploit code exists but real-world risk is minimal due to low EPSS score (0.03%, 8th percentile), limited scope impact, and requirement for authenticated access despite the network attack vector.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the plan parameter in /admin/user-payment.php, resulting in limited data access. The vulnerability requires valid login credentials and has low real-world impact due to constrained scope (no server impact, no integrity violation), though publicly available exploit code exists and exploitation probability is minimal per EPSS analysis.
SQL injection in CodeAstro Gym Management System 1.0 via the fullname parameter in /customer/index.php allows authenticated remote attackers to execute arbitrary SQL queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% (8th percentile) suggests minimal real-world exploitation despite public POC availability, likely due to authentication requirement and narrow deployment scope of this niche management application.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical.php?action=delete_plan. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0.php?action=end_membership. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
GYM-MANAGEMENT-SYSTEM 1.0 has multiple SQL injection vulnerabilities in search and payment endpoints (member_search, trainer_search, gym_search, payment_search). PoC available.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /admin/actions/remove-announcement.php, enabling unauthorized database query execution with limited confidentiality and integrity impact. Publicly available exploit code exists, but EPSS exploitation probability is extremely low (0.01th percentile), suggesting the vulnerability requires authenticated access and offers minimal real-world payoff despite network accessibility.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /admin/actions/check-attendance.php, resulting in limited confidentiality and integrity compromise. The vulnerability requires valid administrator credentials, has publicly available exploit code, but carries very low real-world risk with an EPSS score of 0.03% due to authentication requirements and limited impact scope (CVE4.0 vector shows only partial confidentiality/integrity loss, no availability impact).
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /admin/actions/delete-equipment.php. The vulnerability requires valid user credentials (PR:L) and has publicly available exploit code; however, the EPSS score of 0.03% and limited impact scope (VC:L/VI:L/VA:L) indicate low real-world exploitation probability despite technical exploitability.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /admin/edit-equipmentform.php. The vulnerability requires valid user credentials (privilege level L) but no user interaction. Publicly available exploit code exists, though EPSS indicates very low real-world exploitation probability (0.03%, 8th percentile). Despite the public POC, the CVSS 2.1 score and minimal impact scope (VC:L/VI:L/VA:L with no scope change) suggest limited practical risk in most deployments.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /admin/actions/delete-member.php, enabling unauthorized database queries with limited confidentiality and integrity impact. The vulnerability requires valid administrative credentials and carries a CVSS score of 2.1 with low confidentiality and integrity impact but no availability risk. Publicly available exploit code exists, though real-world exploitation remains extremely limited based on a 0.03% EPSS score.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the ename parameter in /admin/equipment-entry.php, enabling database query modification with low confidentiality, integrity, and availability impact. Publicly available exploit code exists but real-world risk is minimal due to low EPSS score (0.03%, 8th percentile), limited scope impact, and requirement for authenticated access despite the network attack vector.
SQL injection in CodeAstro Gym Management System 1.0 allows authenticated remote attackers to manipulate the plan parameter in /admin/user-payment.php, resulting in limited data access. The vulnerability requires valid login credentials and has low real-world impact due to constrained scope (no server impact, no integrity violation), though publicly available exploit code exists and exploitation probability is minimal per EPSS analysis.
SQL injection in CodeAstro Gym Management System 1.0 via the fullname parameter in /customer/index.php allows authenticated remote attackers to execute arbitrary SQL queries with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; however, the EPSS score of 0.03% (8th percentile) suggests minimal real-world exploitation despite public POC availability, likely due to authentication requirement and narrow deployment scope of this niche management application.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical.php?action=delete_plan. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0.php?action=end_membership. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in SourceCodester Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in Codezips Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.