CVE-2025-1959 | Codezips Gym Management System 1.0 /change_s_pwd.php login_id sql injection

Inserito da Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /change_s_pwd.php. The manipulation of the argument login_id leads to sql injection.

This vulnerability is traded as CVE-2025-1959. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-1959 | Codezips Gym Management System 1.0 /change_s_pwd.php login_id sql injection

Post correlati

CVE-2024-7084 | Ernest Marcinko Ajax Search Lite Plugin up to 4.12.0 on WordPress cross site scripting

CVE-2024-28187 | inunosinsi soycms up to 3.14.1 jpegoptim os command injection (GHSA-qg3q-hfgc-5jmm)

CVE-2025-1644 | Benner ModernaNet up to 1.2.0 /DadosPessoais/SG_Gravar idItAg cross-site request forgery

CVE-2024-9566 | D-Link DIR-619L B1 2.06 /goform/formDeviceReboot next_page buffer overflow