PT-2023-31899 · Unknown · Gym Management System Project

Andres Roldan · Published 2023-09-28 · Updated 2023-10-17 · CVE-2023-5185

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gym Management System Project version 1.0

Description

The issue is related to an Insecure File Upload vulnerability on the file parameter of the "profile/i.php" page. This allows an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Recommendations

For Gym Management System Project version 1.0, as a temporary workaround, consider disabling the file upload functionality on the "profile/i.php" page until a patch is available. Restrict access to the "profile/i.php" page to minimize the risk of exploitation. Avoid using the file parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-5185

Affected Products

Gym Management System Project