PT-2026-22684 · Unknown · Simple Gym Management System

Thirtypenny77

Publicado

2026-03-02

Atualizado

2026-03-03

CVE-2026-26709

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Simple Gym Management System version 1.0

Description The Simple Gym Management System version 1.0 is susceptible to SQL Injection. This issue affects the /gym/trainer search.php endpoint. The trainer search.php script is vulnerable due to insufficient input validation, potentially allowing an attacker to manipulate database queries through the injection of malicious SQL code. The vulnerable parameter is not specified.

Recommendations Apply input validation and sanitization techniques to all user-supplied data used in SQL queries within the /gym/trainer search.php script.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-26709

Produtos afetados

Simple Gym Management System

PT-2026-22684 · Unknown · Simple Gym Management System

CVE-2026-26709

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7