16 matches found
CVE-2025-29208
CodeZips Gym Management System v1.0 is affected by an SQL injection in the name parameter of /dashboard/admin/deleteroutine.php. The CVE records a medium-severity issue (CVSS 6.5, Confidentiality/Integrity impact L, Availability impact N) with network attack vector, low complexity, no privileges,...
CVE-2025-1380
Codezips Gym Management System 1.0 contains a SQL injection vulnerability in the admin function /dashboard/admin/del_plan.php caused by improper handling of the parameter name. The issue is exploitable remotely and has been described as critical by multiple sources. Affected software is the Codez...
CVE-2025-0231
Codezips Gym Management System 1.0 is affected by a SQL injection in /dashboard/admin/submit_payments.php via the m_id parameter. Multiple sources (NVD, Red Hat, CVE listings, CNNVD, VulnDB enrichment, CIRCL sighting) describe a remote exploitation scenario with an impact on confidentiality, inte...
CVE-2025-1183
CVE-2025-1183 affects CodeZips Gym Management System 1.0. The vulnerability lies in the parameter login_id in file /dashboard/admin/more-userprofile.php, enabling remote SQL injection via an input that is not properly validated. Reported impact includes high confidentiality, integrity, and avail...
CVE-2025-1959
CVE-2025-1959 affects Codezips Gym Management System 1.0. The vulnerability exists in an unknown function of /change_s_pwd.php, where manipulation of the login_id/login_key parameters enables SQL injection. Exploitation is remote, and multiple sources confirm public disclosure. No official patch/...
CVE-2025-0532
Codezips Gym Management System 1.0 contains a SQL injection flaw in /dashboard/admin/new_submit.php via the m_id parameter. The vulnerability can be exploited remotely and the exploit has been disclosed publicly. Various advisories (Red Hat, CVE listings, and third-party feeds) corroborate a crit...
CVE-2025-1856
CVE-2025-1856 affects Codezips Gym Management System 1.0. The vulnerability is an SQL injection in the /dashboard/admin/gen_invoice.php file, triggered by manipulating the id parameter. It can be exploited remotely and is labeled critical by sources. Public disclosures exist. Remediation/patch de...
CVE-2025-2847
Codezips Gym Management System 1.0 contains a SQL injection vulnerability in /dashboard/admin/over_month.php caused by unsafe handling of the mm parameter. The issue is exploitable remotely and is publicly disclosed; it allows an attacker with network access to potentially impact confidentiality,...
CVE-2025-1188
CVE-2025-1188 affects Codezips Gym Management System 1.0. The vulnerability lies in the /dashboard/admin/updateroutine.php file where manipulation of the tid parameter enables SQL injection. Descriptions in multiple connected sources state the attack can be launched remotely and that the exploit ...
CVE-2025-0535
Codezips Gym Management System 1.0 is affected by a SQL injection in /dashboard/admin/edit_mem_submit.php via the uid parameter. The vulnerability’s root cause is unvalidated uid allowing attacker-controlled input to influence SQL queries. The CVE notes remote exploitation and public disclosure. ...
CVE-2025-0880
CVE-2025-0880 affects Codezips Gym Management System 1.0. The vulnerability is an SQL injection caused by manipulation of the planid parameter in /dashboard/admin/updateplan.php, reportedly exploitable remotely with the exploit publicly disclosed. The issue’s impact is disclosed as critical in th...
CVE-2025-0541
Codezips Gym Management System 1.0 contains a SQL injection in /dashboard/admin/edit_member.php caused by manipulation of the name parameter. The vulnerability allows remote exploitation and is publicly disclosed. Public sources do not specify a patch version; one advisory suggests restricting ac...
CVE-2025-0881
CVE-2025-0881 affects Codezips Gym Management System 1.0. The vulnerability is an SQL injection in /dashboard/admin/saveroutine.php caused by manipulating the rname parameter. It is exploitable remotely and has been disclosed publicly; multiple sources classify it as critical or high impact. Evid...
CVE-2025-0562
CVE-2025-0562 affects Codezips Gym Management System 1.0. A vulnerability in the file /dashboard/admin/health_status_entry.php allows manipulation of the usrid parameter, leading to SQL injection. The issue can be exploited remotely and, per sources, the exploit has been disclosed publicly. Remed...
CVE-2025-1206
CVE-2025-1206 - Codezips Gym Management System 1.0 is affected by an SQL injection in the /dashboard/admin/viewdetailroutine.php file through the id parameter. The vulnerability reportedly enables remote exploitation and has been disclosed publicly. Multiple sources (NVD, Red Hat, CVE feeds) corr...
CVE-2025-1854
CVE-2025-1854 affects Codezips Gym Management System 1.0. The vulnerability is in the file /dashboard/admin/del_member.php where manipulation of the argument name leads to SQL injection. The issue is exploitable remotely and has been disclosed publicly. Connected sources confirm a critical severi...