Enviar #474596: Gym Management System V1.0 SQL Injectioninformación

TítuloGym Management System V1.0 SQL Injection
DescripciónA critical SQL injection vulnerability exists in the m_id parameter within /dashboard/admin/submit_payments.php. Attackers can inject arbitrary SQL code via specially crafted values, bypassing input validation. This could lead to unauthorized database access, data manipulation, and potentially full system compromise. Database Compromise: Attackers can read, modify, or delete data. Data Leakage: Sensitive customer/payment information could be exposed. System Interruption: Malicious queries may degrade performance or crash the application. Privilege Escalation: Potential elevation of privileges leading to broader system takeover.
Fuente⚠️ https://github.com/gh464646/CVE/issues/1
Usuario
 ghgh (UID 79750)
Sumisión2025-01-04 09:03 (hace 1 Año)
Moderación2025-01-04 20:48 (12 hours later)
EstadoAceptado
Entrada de VulDB290227 [Codezips Gym Management System 1.0 submit_payments.php m_id inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!