CVE-2022-2745 – SourceCodester Gym Management System Add New Trainer add_trainers.php SQL injection
https://notcve.org/view.php?id=CVE-2022-2745
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file /admin/add_trainers.php of the component Add New Trainer. The manipulation of the argument trainer_name leads to SQL injection. It is possible to initiate the attack remotely. The identifier VDB-206013 was assigned to this vulnerability. • https://vuldb.com/?id.206013 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2744 – SourceCodester Gym Management System Background Management add_exercises.php unrestricted upload
https://notcve.org/view.php?id=CVE-2022-2744
A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality of the file /admin/add_exercises.php of the component Background Management. The manipulation of the argument exer_img leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-206012. • https://vuldb.com/?id.206012 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2022-2728 – SourceCodester Gym Management System index.php SQL injection
https://notcve.org/view.php?id=CVE-2022-2728
A vulnerability was found in SourceCodester Gym Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /mygym/admin/index.php. The manipulation of the argument edit_tran leads to SQL injection. The attack may be launched remotely. • https://github.com/Blythe-LU/Record2/blob/main/Gym%20Management%20System%20Project%20-%20SQL%20injection.md • https://vuldb.com/?id.205856 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2727 – SourceCodester Gym Management System login.php SQL injection
https://notcve.org/view.php?id=CVE-2022-2727
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/login.php. The manipulation of the argument admin_email/admin_pass leads to SQL injection. The attack can be launched remotely. • https://github.com/Blythe-LU/Record2/blob/main/Gym%20Management%20System%20Project%20-%20SQL%20injection.md • https://vuldb.com/?id.205855 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2708 – SourceCodester Gym Management System login.php SQL injection
https://notcve.org/view.php?id=CVE-2022-2708
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input 123@xx.com' OR (SELECT 9084 FROM(SELECT COUNT(*),CONCAT(0x7178767871,(SELECT (ELT(9084=9084,1))),0x71767a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- dPvW leads to SQL injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.205833 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')