SourceCodester Gym Management System GET Parameter sql injection
CVE-2022-2700

4.7MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Gym Management System
Vendor: CVE Published:; 8 August 2022

Summary

A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205821 was assigned to this vulnerability.

Affected Version(s)

Gym Management System

References

https://github.com/gdianq/Gym-Management-System-Sqlinject...

x_refsource_MISC

https://vuldb.com/?id.205821

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2022
Vulnerability Reserved
Aug 7, 2022