SQL Injection Vulnerability in itsourcecode Gym Management System
CVE-2024-6652
8.8HIGH
What is CVE-2024-6652?
A critical security vulnerability has been identified in the Gym Management System 1.0 by itsourcecode, specifically within the manage_member.php
file. The vulnerability arises from improper handling of input parameters, allowing attackers to manipulate the 'id' argument and execute arbitrary SQL queries. This SQL injection flaw may be exploited remotely, giving unauthorized access to the underlying database and impacting data integrity and confidentiality. Users are advised to implement necessary patches and security measures to mitigate potential attacks.