CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2703 – SourceCodester Gym Management System Exercises Module sql injection
https://notcve.org/view.php?id=CVE-2022-2703
A vulnerability was found in SourceCodester Gym Management System. It has been classified as critical. This affects an unknown part of the component Exercises Module. The manipulation of the argument exer leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/gdianq/Gym-Management-Exercises-Sqlinjection/blob/main/README.md https://vuldb.com/?id.205827 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2700 – SourceCodester Gym Management System GET Parameter sql injection
https://notcve.org/view.php?id=CVE-2022-2700
A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gdianq/Gym-Management-System-Sqlinjection/blob/main/README.md https://vuldb.com/?id.205821 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2687 – SourceCodester Gym Management System sql injection
https://notcve.org/view.php?id=CVE-2022-2687
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/gdianq/Gym-Management-System-loginpage-Sqlinjection/blob/main/README.md https://vuldb.com/?id.205734 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 11%CPEs: 1EXPL: 1CVE-2020-29288
https://notcve.org/view.php?id=CVE-2020-29288
An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter 'id' is vulnerable. Se detectó una vulnerabilidad de inyección SQL en Gym Management System. En el archivo manage_user.php, el parámetro GET 'id' es vulnerable • https://github.com/BigTiger2020/Gym-Management-System/blob/main/README.md https://www.exploit-db.com/exploits/48936 https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28129
https://notcve.org/view.php?id=CVE-2020-28129
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'. Una vulnerabilidad de tipo Cross-site scripting (XSS) almacenado en SourceCodester Gym Management System versión 1.0, permite a usuarios inyectar y almacenar código JavaScript arbitrario en index.php?page=packages por medio de los campos vulnerables "Package Name" y "Description" • https://www.exploit-db.com/exploits/48941 https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •