提交 #496409: Codezips Gym Management System in PHP with Source Code v1.0 SQL Injection信息

标题Codezips Gym Management System in PHP with Source Code v1.0 SQL Injection
描述A critical SQL injection vulnerability exists in the tidparameter within /dashboard/admin/updateroutine.php. Attackers can inject arbitrary SQL code via specially crafted values, bypassing input validation. This could lead to unauthorized database access, data manipulation, and potentially full system compromise. Database Compromise: Attackers can read, modify, or delete data. Data Leakage: Sensitive customer/payment information could be exposed. System Interruption: Malicious queries may degrade performance or crash the application. Privilege Escalation: Potential elevation of privileges leading to broader system takeover.
来源⚠️ https://github.com/takakie/CVE/blob/main/cve_1.md
用户
 takakie (UID 49499)
提交2025-02-07 05時57分 (1 年前)
管理2025-02-10 13時56分 (3 days later)
状态已接受
VulDB条目295094 [Codezips Gym Management System 1.0 updateroutine.php tid SQL注入]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!