CVE-2023-37068

Name of the Vulnerable Software and Affected Versions Code-Projects Gym Management System version V1.0

Description The issue allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

Recommendations For Code-Projects Gym Management System version V1.0, consider implementing proper validation and sanitization of user-supplied input in the username and password fields to prevent SQL Injection attacks. As a temporary workaround, restrict access to the login form until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.