Enviar #488716: Codezips Gym Management System in PHP with Source Code V1.0 SQL Injectioninformación

TítuloCodezips Gym Management System in PHP with Source Code V1.0 SQL Injection
DescripciónA critical SQL injection vulnerability exists in the `planid`parameter within `/dashboard/admin/updateplan.php`. Attackers can inject arbitrary SQL code via specially crafted values, bypassing input validation. This could lead to unauthorized database access, data manipulation, and potentially full system compromise. - **Database Compromise**: Attackers can read, modify, or delete data. - **Data Leakage**: Sensitive customer/payment information could be exposed. - **System Interruption**: Malicious queries may degrade performance or crash the application. - **Privilege Escalation**: Potential elevation of privileges leading to broader system takeover.
Fuente⚠️ https://www.yuque.com/u21735104/brookes/za83ilxr9g2fkv8b
Usuario
 fanguoli (UID 80781)
Sumisión2025-01-24 14:20 (hace 1 Año)
Moderación2025-01-30 16:04 (6 days later)
EstadoAceptado
Entrada de VulDB294125 [Codezips Gym Management System 1.0 updateplan.php planid inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!