CVE-2025-13172

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0

Description A security flaw exists in CodeAstro Gym Management System version 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/view-member-report.php file. Manipulation of the ID argument can trigger the injection. This attack can be initiated remotely. The exploit is publicly available.

Recommendations Apply any available updates or patches for CodeAstro Gym Management System version 1.0. As a temporary workaround, restrict access to the /admin/view-member-report.php file. Sanitize the ID argument before using it in any database queries.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-13172

Affected Products

Codeastro Gym Management System

CVE-2025-13172

Weakness Enumeration

Related Identifiers

Affected Products

References · 9