| 标题 | code-projects GYM MANAGEMENT SYSTEM 1 SQL Injection |
|---|
| 描述 | Although this Gym Management System in PHP is a simple mini project designed to manage members, trainers, and exercises from both admin and user panels, the current
implementation introduces multiple security risks.
Because several features rely on direct user-controlled input (especially in admin management operations), the application is vulnerable to critical issues such as SQL
Injection, weak authentication/session handling, and missing request protection.
As a result, an attacker may be able to access or manipulate sensitive gym records without proper authorization. These weaknesses indicate that the project lacks secure
input handling and defensive controls in key business modules.
|
|---|
| 来源 | ⚠️ https://fox-byte.yuque.com/org-wiki-fox-byte-ig3xms/rdgsp5/yg012bnp1xorwq0p |
|---|
| 用户 | Red0 (UID 96252) |
|---|
| 提交 | 2026-04-15 09時54分 (2 月前) |
|---|
| 管理 | 2026-04-30 21時04分 (15 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 360361 [code-projects Gym Management System 1.0 edit_exercises.php edit_exercise SQL注入] |
|---|
| 积分 | 20 |
|---|