CVE-2025-67147
Multiple SQL Injection in Gym-Management-System PHP Enables Admin Takeover
Publication date: 2026-01-12
Last updated on: 2026-01-12
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amansuryawanshi | gym-management-system-php | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability consists of multiple SQL Injection flaws in the Gym-Management-System-PHP application. Specifically, unsafe handling of user input in the 'submit_contact.php', 'secure_login.php', and 'change_s_pwd.php' files allows attackers to inject SQL syntax. The root cause is that request parameters are concatenated directly into SQL query strings instead of being passed as bound parameters of a prepared statement, so a single quote in the input ends the intended string literal and everything after it is parsed as SQL. In the login script this lets an attacker reduce the WHERE clause to a tautology and authenticate without knowing a password; in the other scripts it allows arbitrary SQL to be executed in the application's database context, including modifying or deleting records and escalating a normal account to administrator level. [1]
How can this vulnerability impact me?
Exploitation of these SQL Injection vulnerabilities can lead to severe impacts including unauthorized authentication bypass (allowing attackers to gain admin access), extraction of sensitive user data, modification or deletion of database records, and privilege escalation from normal users to administrators. This compromises the confidentiality, integrity, and availability of the system and its data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by probing the vulnerable parameters with crafted SQL Injection inputs and comparing the responses. For example, sending POST requests with a payload such as ' OR 1=1 -- to the 'name', 'email', and 'comment' parameters of submit_contact.php, or admin' OR '1'='1' -- in the username field of secure_login.php, can reveal whether the system is vulnerable. Example curl commands (--data-urlencode is used so that quotes and spaces survive in the request body):
1. curl --data-urlencode "name=' OR 1=1 -- -" --data-urlencode "email=test@example.com" --data-urlencode "message=test" http://yourserver/submit_contact.php
2. curl --data-urlencode "username=admin' OR '1'='1' -- -" --data-urlencode "pass_key=any" http://yourserver/secure_login.php
3. curl --data-urlencode "login_id=admin" --data-urlencode "pwfield=' OR 1=1 -- -" --data-urlencode "login_key=key" http://yourserver/change_s_pwd.php
Note that MySQL only treats -- as a comment when it is followed by whitespace, so keep the trailing space (the "-- -" form above) or use # instead; a payload that ends in a bare -- will usually produce a syntax error rather than a bypass. What to look for: for secure_login.php, a session cookie being issued or a redirect to the authenticated area without valid credentials; for submit_contact.php and change_s_pwd.php, database error text in the response, a response that differs between a true condition (' OR 1=1 -- -) and a false one (' OR 1=2 -- -), or a measurable delay when a time-based payload such as ' OR SLEEP(5) -- - is injected. Because the change_s_pwd.php payload can modify records, run these probes only against systems you are authorised to test, preferably a staging copy. Standard web-server access logs do not contain POST bodies, so to spot attempts after the fact check the application or database error log for syntax errors caused by stray quotes, or enable request-body logging at a reverse proxy or WAF in front of the application. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include refactoring every database interaction to use prepared statements with parameter binding (e.g., mysqli_prepare() and mysqli_stmt_bind_param(), or PDO with bound parameters) instead of concatenating user input into SQL strings; this is the actual fix, because bound parameters can never change the structure of the query. Input validation (type and length checks on 'name', 'email', 'comment', 'username', 'pass_key', 'login_id', 'pwfield' and 'login_key') is a useful additional layer but not a substitute. Until the code is fixed, reduce exposure by limiting who can reach the application (for example, restricting it to an internal network or VPN), putting a web application firewall with SQL Injection rules in front of it, running the application with a database account that has only the privileges it needs, and monitoring for the indicators described above. Apply any vendor patch or update that addresses these files when one is available. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
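As an added illustration (example code written for this page, not the project's own source), the concatenation pattern described in the explanation above is shown beside the prepared-statement fix for a login handler and a password-change handler. Only the POST field names (username, pass_key, login_id, pwfield) come from the advisory; the table and column names, the database credentials, and the use of password_hash()/password_verify() are assumptions made for the example.

```php
<?php
// Added example, not code from Gym-Management-System-PHP. The `users` table,
// its columns, the connection details and the password hashing scheme are
// assumptions; only the POST field names are taken from the advisory.
declare(strict_types=1);

// Throw exceptions on database errors so failures are not silently ignored
// and so raw SQL error text is not echoed to the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// ---- Vulnerable pattern (CWE-89): input spliced into the query string ----
// With username = admin' OR '1'='1' -- - the WHERE clause becomes
//   username = 'admin' OR '1'='1' -- -' AND password = '...'
// which is always true, so the first row returned is treated as "logged in".
function vulnerable_login(mysqli $db, string $username, string $pass_key): ?array
{
    $sql = "SELECT id, username, role FROM users "
         . "WHERE username = '$username' AND password = '$pass_key'";
    $result = $db->query($sql);
    return $result->fetch_assoc() ?: null;
}

// ---- Hardened version: prepared statement with bound parameters ----
// The SQL text is fixed at prepare time; the username travels as data and can
// never alter the query's structure. The password is verified in PHP against a
// password_hash() digest, so it never appears in the WHERE clause at all.
function secure_login(mysqli $db, string $username, string $pass_key): ?array
{
    $stmt = $db->prepare(
        "SELECT id, username, role, password_hash FROM users WHERE username = ? LIMIT 1"
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();

    if ($row === null || !password_verify($pass_key, $row['password_hash'])) {
        return null; // identical failure path for unknown user and wrong password
    }
    unset($row['password_hash']);
    return $row;
}

// ---- Hardened password change for the change_s_pwd.php flow ----
// Both the identity in the WHERE clause and the new password come from the
// request, so both are bound. The caller must prove the current password first.
function secure_change_password(mysqli $db, string $login_id, string $current_pw, string $new_pw): bool
{
    if (secure_login($db, $login_id, $current_pw) === null) {
        return false;
    }
    $hash = password_hash($new_pw, PASSWORD_DEFAULT);
    $stmt = $db->prepare("UPDATE users SET password_hash = ? WHERE username = ?");
    $stmt->bind_param('ss', $hash, $login_id);
    $stmt->execute();
    $changed = $stmt->affected_rows === 1;
    $stmt->close();
    return $changed;
}

// ---- Request handling for a secure_login.php replacement ----
session_start();
$db = new mysqli('localhost', 'gym_app', 'app-password', 'gym'); // assumed credentials

// Read only the fields the form is expected to send; everything else is ignored.
$username = (string) ($_POST['username'] ?? '');
$pass_key = (string) ($_POST['pass_key'] ?? '');

$user = secure_login($db, $username, $pass_key);
if ($user === null) {
    http_response_code(401);
    exit('Invalid credentials');
}
session_regenerate_id(true);      // prevent session fixation across the login boundary
$_SESSION['user'] = $user;
header('Location: dashboard.php');
```

The same two-step pattern (prepare with placeholders, then bind) applies to the INSERT behind submit_contact.php: the 'name', 'email' and 'comment' fields become three bound parameters of a fixed INSERT statement. Note that binding parameters fixes the injection but not weak password storage; if the application compares plaintext passwords in SQL, migrating to password_hash() is a separate change that the prepared-statement refactor is a good moment to make.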
This vulnerability allows unauthorized attackers to bypass authentication, access sensitive user data, modify or delete database records, and escalate privileges to administrator level. Such unauthorized access and potential data breaches can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring data integrity and confidentiality. [1]