CVE-2025-4363 itsourcecode Gym Management System ajax.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=endmembership. The manipulation of the argument rid leads to sql injection. The attack may be initiated remotely. Th...

CVE-2025-4362 itsourcecode Gym Management System ajax.php sql injection

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=savemembership. The manipulation of the argument memberid leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2025-4359 itsourcecode Gym Management System ajax.php sql injection

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4359 itsourcecode Gym Management System ajax.php sql injection

A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deletemember. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4310

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/addtopic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely...

CVE-2025-4311

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/updatemaintopicimg.php?topicid=529. The manipulation of the argument stopicid leads to sql injection. The attack can be initiated remotely. Th...

CVE-2025-4311 itsourcecode Content Management System update_main_topic_img.php sql injection

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/updatemaintopicimg.php?topicid=529. The manipulation of the argument stopicid leads to sql injection. The attack can be initiated remotely. Th...

CVE-2025-4311

CVE-2025-4311 affects itsourcecode Content Management System 1.0. The vulnerability resides in the /admin/update_main_topic_img.php?topic_id=529 endpoint, where manipulation of the topic_id parameter enables SQL injection. Exploitation is possible remotely, and public disclosure exists. Multiple ...

CVE-2025-4311 itsourcecode Content Management System update_main_topic_img.php sql injection

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/updatemaintopicimg.php?topicid=529. The manipulation of the argument stopicid leads to sql injection. The attack can be initiated remotely. Th...

CVE-2025-4310 itsourcecode Content Management System add_topic.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/addtopic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely...

CVE-2025-4310 itsourcecode Content Management System add_topic.php unrestricted upload

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/addtopic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely...

CVE-2025-4310

The CVE-2025-4310 entry affects itsourcecode Content Management System 1.0. The vulnerability lies in the /admin/add_topic.php?category=BBS endpoint where the Cover Image parameter can be manipulated to achieve unrestricted file uploads. This is caused by improper validation/handling of the Cover...

CVE-2025-4301

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4301 itsourcecode Content Management System search-notice.php sql injection

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...

CVE-2025-4301

The CVE-2025-4301 entry affects itsourcecode Content Management System 1.0. Affected component: the file /search-notice.php. Root cause: manipulation of the searchdata parameter leads to SQL injection. Impact: remotely exploitable with potential unauthorized access or data exposure, as reflected ...

CVE-2025-4300

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /searchlist.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4300

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /searchlist.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4300 itsourcecode Content Management System search_list.php sql injection

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /searchlist.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4300

CVE-2025-4300 affects itsourcecode Content Management System 1.0. The vulnerability is a SQL injection in an unknown function within /search_list.php triggered by manipulating the Search parameter. It is exploitable remotely and multiple sources state the exploit has been publicly disclosed. Tech...

itsourcecode Gym Management System 安全漏洞

itsourcecode Gym Management System is an open source gym management system by itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Gym Management System, which is caused by an SQL injection due to misuse of the parameter rid in file/ajax.php...