

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.p…
Published:
11 January 2026 at 23:00:00
Alert date:
12 January 2026 at 23:02:09
Source:
nvd.nist.gov
Web Technologies, Database & Storage
Multiple SQL injection vulnerabilities have been discovered in AbhishekMali21 GYM-MANAGEMENT-SYSTEM version 1.0. Four separate vulnerabilities affect the search functionality: the 'name' parameter in member_search.php, trainer_search.php, and gym_search.php, and the 'id' parameter in payment_search.php. They allow unauthenticated remote attackers to inject malicious SQL commands. Successful exploitation can lead to unauthorized data extraction, authentication bypass, and modification of database contents. The vulnerabilities pose a significant risk because they require no authentication to exploit.
Technical details
Affected products:
AbhishekMali21 GYM-MANAGEMENT-SYSTEM
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-67146
https://github.com/AbhishekMali21/GYM-MANAGEMENT-SYSTEM/issues/4
This article was created with the assistance of AI technology by Perceptive.

