PT-2026-27012 · Code Projects · Simple Gym Management System
Ahmadmarzook
Published 2026-03-22 · Updated 2026-03-23
CVE-2026-4550
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:L/Au:M/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Simple Gym Management System versions prior to 1.1
Description
A SQL injection issue exists in code-projects Simple Gym Management System. The issue is located in an unknown part of the /gym/func.php file. Manipulation of the Trainer id/fname argument can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed.
Recommendations
Update to version 1.1 or later. As a temporary workaround, sanitize the Trainer id and fname parameters before using them in SQL queries.
Exploit
Fix
Special Elements Injection
SQL injection
Related identifiers
Affected products
Simple Gym Management System