Description
Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:LAvailabilityWeaknesses
Affected Products
Attack Graph
Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.
Exploitability
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsMITRE ATT&CK
1 techniqueReferences
Timeline
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2025-67146 and every CVE in our database. Create a free account — no credit card required.
Create Free Account