Moliang

**Name of the Vulnerable Software and Affected Versions** CodeAstro Gym Management System version 1.0 **Description** A flaw exists in CodeAstro Gym Management System version 1.0 that allows for SQL injection. This occurs through manipulation of the `ID` argument in the file '/admin/actions/remove-announcement.php'. The attack can be initiated remotely. The exploit has been made public. **Recommendations** Apply any available updates or patches to address the SQL injection issue in the '/admin/actions/remove-announcement.php' file. As a temporary workaround, restrict access to the '/admin/actions/remove-announcement.php' file. Sanitize the `ID` parameter before using it in SQL queries.