
16 matches found

RedhatCVE
added 2025/10/11 10:5 p.m., 3 views

CVE-2025-11589

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...

CVSS 8.8 | AI score 6.4 | EPSS 0.0004
Exploits: 1 | References: 1

EUVD
added 2025/10/11 12:30 a.m., 3 views

EUVD-2025-33782

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

CVSS 6.5 | AI score 6.5 | EPSS 0.0004
Exploits: 1 | References: 6

OSV
added 2025/10/10 10:15 p.m., 0 views

CVE-2025-11589

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...

CVSS 8.8 | AI score 5.8 | EPSS 0.0004
Exploits: 1 | References: 5

NVD
added 2025/10/10 10:15 p.m., 3 views

CVE-2025-11589

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...

CVSS 8.8 | EPSS 0.0004
Exploits: 1 | References: 5

ATTACKERKB
added 2025/10/10 9:32 p.m., 3 views

CVE-2025-11589

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...

CVSS 8.8 | AI score 5.4 | EPSS 0.0004
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/10/10 9:32 p.m., 7 views

CVE-2025-11589 CodeAstro Gym Management System user-payment.php sql injection

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...

CVSS 6.5 | EPSS 0.0004
Exploits: 1 | References: 5

Vulnrichment
added 2025/10/10 9:32 p.m., 8 views

CVE-2025-11589 CodeAstro Gym Management System user-payment.php sql injection

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released t...

CVSS 6.5 | AI score 6.4 | EPSS 0.0004
Exploits: 1 | References: 5

CVE
added 2025/10/10 9:32 p.m., 6 views

CVE-2025-11589

CodeAstro Gym Management System 1.0 has a SQL injection in /admin/user-payment.php triggered by manipulating the plan parameter. The vulnerability is exploitable remotely and an exploit has been released publicly. The exact root cause is an insecure handling of the plan argument leading to SQL in...

CVSS 8.8 | AI score 6.4 | EPSS 0.0004
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/10/10 12:0 a.m., 4 views

PT-2025-41608

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security flaw exists in CodeAstro Gym Management System 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/user-payment.php file. Manipulation of th...

CVSS 6.5 | AI score 6.5 | EPSS 0.0004
Exploits: 1 | References: 10

OSV
added 2025/05/09 5:15 p.m., 1 view

CVE-2025-46192

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userpaymentupdate.php via the orderid POST parameter...

CVSS 9.8 | AI score 6 | EPSS 0.00241
Exploits: 0 | References: 2

Positive Technologies
added 2025/05/09 12:0 a.m., 2 views

PT-2025-20582

Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description The software is susceptible to a SQL Injection issue within the user payment update.php file. The issue occurs through the order id POST parameter. The vulnerability allo...

CVSS 9.8 | AI score 7.5 | EPSS 0.00241
Exploits: 0 | References: 9

CNNVD
added 2025/05/09 12:0 a.m., 1 view

SourceCodester Client Database Management System security vulnerability

SourceCodester Client Database Management System is a SourceCodester open source client database management system. A security vulnerability exists in SourceCodester Client Database Management System version 1.0, which originates from SQL injection due to incorrect operation of the parameter...

CVSS 9.8 | AI score 7.8 | EPSS 0.00241
Exploits: 0 | References: 3

Vulnrichment
added 2025/05/09 12:0 a.m., 9 views

CVE-2025-46192

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in userpaymentupdate.php via the orderid POST parameter...

AI score 7.6 | EPSS 0.00241
Exploits: 0 | References: 2

CNNVD
added 2025/05/09 12:0 a.m., 2 views

SourceCodester Client Database Management System security vulnerability

SourceCodester Client Database Management System is a SourceCodester open source client database management system. A security vulnerability exists in SourceCodester Client Database Management System version 1.0, which originates from a misbehavior of the parameter uploadedfilecancelled in...

CVSS 9.8 | AI score 6.9 | EPSS 0.00604
Exploits: 0 | References: 3

Hacker One
added 2020/07/23 10:24 a.m., 46 views

Zomato: Availing Zomato gold by using a random third-party `wallet_id`

We received a report from @pandaaaa wherein he demonstrated a way to avail Zomato Gold membership using random Zomato User's wallet. The report was triaged and rewarded with critical severity with a CVSS score of 9.3. It was considered critical since a random user's wallet could have been used fo...

AI score 7.2
Exploits: 0

CNVD
added 2017/06/05 12:0 a.m., 1 view

My NJ Client APP has an overstepping vulnerability

My Nanjing Client APP is a city-level public service mobile application that integrates all kinds of living information in Nanjing. There is a vulnerability in the authentication mechanism of the social security payment query function of My Nanjing Client APP, which allows an attacker to view the...

AI score 6.7
Exploits: 0