CVE-2025-10851
Campcodes Gym Management System 1.0 contains a SQL injection in the /ajax.php?action=login endpoint caused by manipulating the Username parameter. This is exploitable remotely, and multiple sources confirm that an exploit has been released publicly. The CVE-2025-10851 records impact to unknown fu...