PT-2020-17136 · Unknown · Gym Management System

Bigtiger2020 · Published 2020-12-02 · Updated 2025-12-22 · CVE-2020-29288

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gym Management System (affected versions not specified)

Description

A SQL injection issue was found in the Gym Management System, specifically in the manage user.php file. The id parameter, which is passed via GET requests, is vulnerable to SQL injection attacks. This could potentially allow an attacker to execute malicious SQL code.

Recommendations

As a temporary workaround, consider restricting access to the manage user.php file until a patch is available. Avoid using the id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-29288

Affected Products

Gym Management System