Description

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.

INFO

Published Date :

2026-01-12T00:00:00.000Z

Last Modified :

2026-01-12T21:21:52.528Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-67147 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67147.

URL Resource
https://github.com/amansuryawanshi/Gym-Management-System-PHP/issues/3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System