SQL Injection Vulnerability in CodeZips Gym Management System
CVE-2025-29208

6.5MEDIUM

Key Information:

Vendor: CodeZips
Status: Gym Management System
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-29208?

The Gym Management System by CodeZips is susceptible to SQL injection attacks via the 'name' parameter in the deleteroutine.php script within the admin dashboard. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data or manipulation of the database. Proper input validation and parameterized queries should be implemented to mitigate this security risk.

References

https://github.com/LLz-7/CVE/blob/main/CVE_1.md

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025