A vulnerability, which was classified as critical, has been found in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection.
This vulnerability is cataloged as CVE-2025-11589. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.