Submit #485218: Codezips Gym Management System V1.0 SQL Injectioninfo

TitleCodezips Gym Management System V1.0 SQL Injection
DescriptionA critical SQL injection vulnerability exists in the planidparameter within /dashboard/admin/submit_plan_new.php. Attackers can inject arbitrary SQL code via specially crafted values, bypassing input validation. This could lead to unauthorized database access, data manipulation, and potentially full system compromise. Database Compromise: Attackers can read, modify, or delete data. Data Leakage: Sensitive customer/payment information could be exposed. System Interruption: Malicious queries may degrade performance or crash the application. Privilege Escalation: Potential elevation of privileges leading to broader system takeover.
Source⚠️ https://github.com/alc9700jmo/CVE/issues/8
User
 alc9700 (UID 79368)
Submission01/19/2025 11:58 (1 Year ago)
Moderation01/28/2025 15:49 (9 days later)
StatusAccepted
VulDB entry293924 [Codezips Gym Management System 1.0 submit_plan_new.php planid sql injection]
Points20

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!