SQL Injection Vulnerability in itsourcecode Gym Management System by itsourcecode
CVE-2025-4195
6.9MEDIUM
Key Information:
- Vendor
Itsourcecode
- Status
- Vendor
- CVE Published:
- 2 May 2025
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-4195?
A SQL injection vulnerability exists in the itsourcecode Gym Management System 1.0, specifically within the ajax.php script during the member save operation. This flaw allows attackers to manipulate the umember_id parameter, potentially leading to unauthorized database access and data manipulation. The vulnerability can be exploited remotely, posing significant risks for exposed installations. Public disclosure of this vulnerability highlights the urgency for affected users to apply mitigations and secure their systems.
Affected Version(s)
Gym Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.