CVE-2026-26709

Name of the Vulnerable Software and Affected Versions Simple Gym Management System version 1.0

Description The Simple Gym Management System version 1.0 is susceptible to SQL Injection. This issue affects the /gym/trainer search.php endpoint. The trainer search.php script is vulnerable due to insufficient input validation, potentially allowing an attacker to manipulate database queries through the injection of malicious SQL code. The vulnerable parameter is not specified.

Recommendations Apply input validation and sanitization techniques to all user-supplied data used in SQL queries within the /gym/trainer search.php script.