| Title | code-projects Simple Gym Management System in PHP 1.0 SQL Injection |
|---|
| Description | The Simple Gym Management System in PHP 1.0 is vulnerable to time-based blind SQL injection in the fname parameter processed by the /gym/func.php endpoint. The vulnerability occurs because user-supplied input is not properly validated or sanitized before it is incorporated into SQL queries executed by the backend database.
During the member registration process in the administrative panel, the application accepts several parameters including fname, lname, email, contact, and docapp. These parameters are submitted via an HTTP POST request and processed by the func.php script. However, the fname parameter is directly embedded into a database query without the use of prepared statements or proper input filtering, allowing attackers to manipulate the SQL query.
An attacker can exploit this issue by injecting specially crafted SQL payloads into the fname parameter. By leveraging database delay functions such as SLEEP(), the attacker can trigger measurable response delays from the server. This confirms that the injected SQL statements are executed by the backend database. Because the application does not display database errors, the vulnerability can be exploited using a time-based blind SQL injection technique, where attackers infer database responses based on differences in server response times.
Testing with automated exploitation tools confirmed that arbitrary SQL commands can be executed through the vulnerable parameter. The vulnerability allowed retrieval of the current database name (loginsystem), demonstrating that the backend MySQL database can be queried through injected SQL statements.
Successful exploitation of this vulnerability could allow attackers to enumerate database structures, extract sensitive data such as user records or administrator credentials, modify stored data, or perform other malicious actions depending on the privileges of the database account used by the application. The root cause of this issue is the absence of proper input validation and the failure to implement parameterized database queries when handling user-controlled input. |
|---|
| Source | https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Time-Based%20Blind%20SQL%20Injection%20in%20Simple%20Gym%20Management%20System%20in%20PHP.md |
|---|
| User | AhmadMarzook (UID 96211) |
|---|
| Submission | 03/07/2026 21:49 (1 month ago) |
|---|
| Moderation | 03/21/2026 17:51 (14 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 352377 [code-projects Simple Gym Management System up to 1.0 /gym/func.php Trainer_id/fname sql injection] |
|---|
| Points | 0 |
|---|
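
The description attributes the flaw to fname being embedded in the query without prepared statements or input filtering. The following added example (not the application's code, which the page does not show) handles the same registration fields with an allow-list check and a PDO prepared statement. The members table, its columns, the validation limits and the use of in-memory SQLite in place of MySQL are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the application's code. Table, columns and limits are
// assumptions; in-memory SQLite stands in for MySQL so this runs offline.

function validate_member(array $in): array
{
    $errors = [];
    // Names: letters, spaces, apostrophes and hyphens only, 1 to 50 characters.
    foreach (['fname', 'lname'] as $f) {
        if (!preg_match('/^[\p{L} \'-]{1,50}$/u', (string)($in[$f] ?? ''))) {
            $errors[] = $f;
        }
    }
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if (!preg_match('/^\+?[0-9]{7,15}$/', (string)($in['contact'] ?? ''))) {
        $errors[] = 'contact';
    }
    return $errors; // names of the fields that failed validation
}

function register_member(PDO $db, array $in): bool
{
    if (validate_member($in) !== []) {
        return false; // reject before touching the database
    }
    // Placeholders keep every value out of the SQL text, so a quote or a
    // function name inside fname is stored as data and never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO members (fname, lname, email, contact, docapp)
         VALUES (:fname, :lname, :email, :contact, :docapp)'
    );
    return $stmt->execute([
        ':fname' => $in['fname'], ':lname' => $in['lname'],
        ':email' => $in['email'], ':contact' => $in['contact'],
        ':docapp' => (string)($in['docapp'] ?? ''), // format not given on the page
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (fname TEXT, lname TEXT, email TEXT, contact TEXT, docapp TEXT)');
// Constructed sample inputs: a legitimate name with an apostrophe, and an
// fname whose parentheses and digits fail the allow-list.
$ok  = ['fname' => "D'Arcy", 'lname' => 'Lee', 'email' => 'd@example.com',
        'contact' => '5551234567', 'docapp' => 'trainer-1'];
$bad = ['fname' => 'SLEEP(5)'] + $ok;
var_dump(register_member($db, $ok), register_member($db, $bad),
         $db->query('SELECT fname FROM members')->fetchColumn());
```

With the PDO MySQL driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server perform the parameter binding instead of the client library.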