SQL Injection in itsourcecode Gym Management System Affects User Data
CVE-2025-4363
Key Information:
- Vendor
- Itsourcecode
- Status
- Vendor
- CVE Published:
- 6 May 2025
Badges
Summary
A SQL injection vulnerability exists within the itsourcecode Gym Management System 1.0, specifically impacting the processing of requests to /ajax.php?action=end_membership. This flaw allows attackers to manipulate the rid parameter, potentially enabling unauthorized access and modifications to the database. Remote exploitation of this vulnerability poses significant risks to the confidentiality and integrity of user data, making it essential for users of the affected version to apply necessary security measures.
Affected Version(s)
Gym Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved