Freeprojectscodes · Sports Club Management System · CVE-2025-13422
**Name of the Vulnerable Software and Affected Versions**
freeprojectscodes Sports Club Management System version 1.0
**Description**
A flaw exists in freeprojectscodes Sports Club Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the `/dashboard/admin/change s pwd.php` file. Manipulation of the `login id` argument can trigger the injection. The attack can be initiated remotely, and details about the exploit are publicly available.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.