

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_co…
Published: 11 January 2026 at 23:00:00
Alert date: 12 January 2026 at 23:02:09
Source: nvd.nist.gov
Web Technologies, Database & Storage
Multiple SQL injection vulnerabilities were discovered in amansuryawanshi Gym-Management-System-PHP version 1.0. The vulnerabilities exist in three PHP files: submit_contact.php (name, email, comment parameters), secure_login.php (username, pass_key parameters), and change_s_pwd.php (login_id, pwfield, login_key parameters). Both unauthenticated and authenticated attackers can exploit these flaws to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level. The vulnerabilities affect critical functions, including contact submission, login authentication, and password change.
Affected products: Gym-Management-System-PHP
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-67147
https://github.com/amansuryawanshi/Gym-Management-System-PHP/issues/3
This article was created with the assistance of AI technology by Perceptive.

