
CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

02 Dec 2020 — An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable. • https://github.com/BigTiger2020/Gym-Management-System/blob/main/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Nov 2020 — Stored cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via the vulnerable fields 'Package Name' and 'Description'. • https://www.exploit-db.com/exploits/48941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')