CVE-2025-67147

Name of the Vulnerable Software and Affected Versions Gym-Management-System-PHP version 1.0

Description The application contains multiple SQL Injection flaws. An attacker, whether authenticated or not, can potentially bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or gain administrator privileges. The vulnerabilities are present in several files and through specific parameters. The name, email, and comment parameters in the ''submit contact.php'' file are vulnerable. The username and pass key parameters in the ''secure login.php'' file are also susceptible. Finally, the login id, pwfield, and login key parameters in the ''change s pwd.php'' file are vulnerable to SQL Injection.

Recommendations Apply input validation and sanitization to the name, email, and comment parameters in the ''submit contact.php'' file. Apply input validation and sanitization to the username and pass key parameters in the ''secure login.php'' file. Apply input validation and sanitization to the login id, pwfield, and login key parameters in the ''change s pwd.php'' file.