Description

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.

INFO

Published Date :

2026-01-12T00:00:00.000Z

Last Modified :

2026-01-12T21:25:47.231Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-67146 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67146.

URL Resource
https://github.com/AbhishekMali21/GYM-MANAGEMENT-SYSTEM/issues/4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System