Fanguoli

**Name of the Vulnerable Software and Affected Versions** Codezips Gym Management System version 1.0 **Description** A critical issue affects the processing of the file "/dashboard/admin/updateplan.php". The manipulation of the `planid` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For Codezips Gym Management System version 1.0, consider disabling the `planid` parameter in the "/dashboard/admin/updateplan.php" file as a temporary workaround until a patch is available. Restrict access to the "/dashboard/admin/updateplan.php" file to minimize the risk of exploitation. Avoid using the `planid` parameter in the affected file until the issue is resolved.