11 matches found
CVE-2025-12242
CVE-2025-12242 affects CodeAstro Gym Management System 1.0. The vulnerability is in an unknown function of the file /admin/actions/check-attendance.php , where manipulating the ID parameter leads to a SQL injection . It can be exploited remotely, and the exploit has been disclosed. The connected ...
CVE-2025-12610
CVE-2025-12610 affects CodeAstro Gym Management System 1.0, with a SQL injection in the /admin/view-progress-report.php file. The vulnerability arises from manipulated the ID parameter, potentially enabling remote exploitation. Public disclosures exist for the exploit. Affected component is the v...
CVE-2025-12261
CodeAstro Gym Management System 1.0 is affected by a SQL injection in /admin/actions/remove-announcement.php caused by manipulation of the ID parameter. The vulnerability can be exploited remotely and the exploit has been made public. Affected product/component: CodeAstro Gym Management System 1....
CVE-2025-11589
CodeAstro Gym Management System 1.0 has a SQL injection in /admin/user-payment.php triggered by manipulating the plan parameter. The vulnerability is exploitable remotely and an exploit has been released publicly. The exact root cause is an insecure handling of the plan argument leading to SQL in...
CVE-2025-11591
CodeAstro Gym Management System 1.0 is affected by a SQL injection in /admin/actions/delete-member.php caused by manipulation of the ID parameter. Multiple sources (NVD, Red Hat, CVE lists) confirm remote exploitability and public disclosure. The vulnerability arises in the delete-member function...
CVE-2025-11592
CVE-2025-11592 affects CodeAstro Gym Management System v1.0. The vulnerability is in the file /admin/edit-equipmentform.php, where manipulation of the ID parameter leads to SQL injection. The issue is exploitable remotely and, according to the connected sources, the exploit is public. Root cause:...
CVE-2025-11593
CVE-2025-11593 affects CodeAstro Gym Management System 1.0. The vulnerability resides in the file /admin/actions/delete-equipment.php where manipulation of the ID parameter leads to an SQL injection. The issue can be triggered remotely over a network, with an exploit published and potentially usa...
CVE-2025-11588
CodeAstro Gym Management System 1.0 contains a SQL injection in /customer/index.php caused by manipulating the fullname argument. The issue is exploitable remotely, with publicly available exploit material. Multiple connected sources consistently report the same root cause and impact, with CVEs a...
CVE-2025-11590
CVE-2025-11590 affects CodeAstro Gym Management System 1.0. The vulnerability is a SQL injection in the unknown functionality of /admin/equipment-entry.php via manipulation of the ename parameter. It is exploitable remotely, with public exploit information available. Connected sources do not prov...
CVE-2025-12609
CVE-2025-12609 affects CodeAstro Gym Management System 1.0. The vulnerability exists in /admin/update-progress.php, where manipulating the id/ini_weight argument enables SQL injection. It is a remote issue with publicly available exploit information across multiple sources, indicating real-world ...
CVE-2025-13172
CVE-2025-13172 affects CodeAstro Gym Management System 1.0. A SQL injection vulnerability exists in an unknown function of /admin/view-member-report.php triggered by manipulating the ID parameter. Exploitation is possible remotely, and public exploits have been released. NVD reports a high-severi...