CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1434 matches found

CNNVD•added 2025/10/10 12:0 a.m.•3 views

CodeAstro Gym Management System SQL注入漏洞

CodeAstro Gym Management System is a gym management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Gym Management System version 1.0, which stems from an incorrect manipulation of the parameter plan in the file /admin/user-payment.php, which could lead to an SQL injectio...

8.8CVSS6.9AI score0.00346EPSS

Exploits1References5

Positive Technologies•added 2025/10/10 12:0 a.m.•4 views

PT-2025-41608

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security flaw exists in CodeAstro Gym Management System 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/user-payment.php file. Manipulation of th...

6.5CVSS6.5AI score0.00346EPSS

Exploits1References10

Positive Technologies•added 2025/10/10 12:0 a.m.•2 views

PT-2025-41607

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A flaw exists in CodeAstro Gym Management System 1.0 that allows for SQL injection. This occurs through manipulation of the fullname argument within the file '/customer/index.php'. The...

6.5CVSS6.4AI score0.00304EPSS

Exploits1References9

CNNVD•added 2025/10/10 12:0 a.m.•4 views

CodeAstro Gym Management System SQL注入漏洞

CodeAstro Gym Management System is a gym management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Gym Management System version 1.0, which stems from an incorrect manipulation of the parameter fullname in the file /customer/index.php, which could lead to a SQL injection...

8.8CVSS6.9AI score0.00304EPSS

Exploits1References5

RedhatCVE•added 2025/10/08 8:19 p.m.•2 views

CVE-2025-11118

A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument staffId leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be...

9.8CVSS7AI score0.00431EPSS

Exploits1References1