SQL Injection Vulnerability in itsourcecode Gym Management System
CVE-2024-6652

8.8HIGH

Key Information:

Vendor
Itsourcecode
Status
Gym Management System
Vendor
CVE Published:
10 July 2024

Summary

A critical security vulnerability has been identified in the Gym Management System 1.0 by itsourcecode, specifically within the manage_member.php file. The vulnerability arises from improper handling of input parameters, allowing attackers to manipulate the 'id' argument and execute arbitrary SQL queries. This SQL injection flaw may be exploited remotely, giving unauthorized access to the underlying database and impacting data integrity and confidentiality. Users are advised to implement necessary patches and security measures to mitigate potential attacks.

References

https://vuldb.com/?id.271059
https://vuldb.com/?ctiid.271059
https://vuldb.com/?submit.372193

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-6652 : SQL Injection Vulnerability in itsourcecode Gym Management System | SecurityVulnerability.io