CVE-2025-4195

Name of the Vulnerable Software and Affected Versions iSourcecode Gym Management System version 1.0

Description A critical vulnerability was found in the iSourcecode Gym Management System. This issue affects the file /ajax.php?action=save member, where the manipulation of the umember id argument leads to SQL injection. The attack can be initiated remotely.

Recommendations For iSourcecode Gym Management System version 1.0, as a temporary workaround, consider restricting access to the /ajax.php?action=save member endpoint until a patch is available. Avoid using the umember id argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.