SQL Injection Vulnerability in itsourcecode Gym Management System
CVE-2024-6652

8.8HIGH

Key Information:

Vendor: Itsourcecode
Status: Gym Management System
Vendor: CVE Published:; 10 July 2024

🔔 Create Itsourcecode Vulnerability Alert

What is CVE-2024-6652?

A critical security vulnerability has been identified in the Gym Management System 1.0 by itsourcecode, specifically within the manage_member.php file. The vulnerability arises from improper handling of input parameters, allowing attackers to manipulate the 'id' argument and execute arbitrary SQL queries. This SQL injection flaw may be exploited remotely, giving unauthorized access to the underlying database and impacting data integrity and confidentiality. Users are advised to implement necessary patches and security measures to mitigate potential attacks.

References

https://vuldb.com/?id.271059

https://vuldb.com/?ctiid.271059

https://vuldb.com/?submit.372193

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2024