CVE-2026-4550
SQL Injection in Simple Gym Management System /gym/func.php
Publication date: 2026-03-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | simple_gym_management_system | up to 1.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Time-Based Blind SQL Injection in the Simple Gym Management System version 1.0, specifically affecting the /gym/func.php endpoint. It occurs because user inputs, such as the Trainer_id and fname parameters, are not properly validated or sanitized before being included directly in SQL queries. Attackers can inject malicious SQL code, including delay functions like SLEEP(), which causes measurable delays in server responses. This allows attackers to confirm the injection and infer database information without direct error messages.
The vulnerability enables attackers to extract sensitive data, enumerate the database schema, bypass authentication, and modify or delete data. Exploitation can potentially lead to full compromise of the application database depending on the privileges of the database account.
How can this vulnerability impact me?
Exploitation of this vulnerability can have serious impacts including unauthorized access to sensitive information such as user and administrative credentials, manipulation or deletion of stored data, and potentially full compromise of the application database.
- Attackers can enumerate the database structure and extract confidential data.
- They can bypass authentication mechanisms.
- They can modify or delete application data, disrupting normal operations.
- Full database compromise may occur if the database account has high privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted HTTP POST requests to the /gym/func.php endpoint with SQL injection payloads in the vulnerable parameters (fname or Trainer_id) and observing the server response times.
For example, injecting a time-based payload such as a SQL SLEEP() function into the fname or Trainer_id parameter can cause a measurable delay (e.g., 15 seconds) in the server response if the injection is successful.
A practical approach is to intercept the registration request (using tools like Burp Suite) and modify the fname or Trainer_id parameter to include a payload like: orwa(select(0)from(select(sleep(15)))v)
If the server response is delayed accordingly, it confirms the presence of the SQL injection vulnerability.
No specific command-line commands are provided, but using HTTP request interception and modification tools (e.g., curl with crafted POST data or Burp Suite) is recommended.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Implement prepared statements with parameterized queries to safely handle user inputs instead of directly embedding them into SQL queries.
- Validate and sanitize all user inputs to prevent malicious data from being processed.
- Apply the principle of least privilege to the database account used by the application, limiting its permissions.
- Deploy a Web Application Firewall (WAF) to detect and block SQL injection attempts.
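The first mitigation step applied to the registration insert discussed above, as an added example that is not code from the Simple Gym Management System: the string-building pattern behind the reported bug beside a prepared-statement rewrite, with Trainer_id validated as an integer before any query runs. The `trainers` table, its column names and the function names are assumptions, since the page gives no schema.

```php
<?php
declare(strict_types=1);

// Anti-pattern (the shape of the reported bug): request values are
// interpolated into the SQL text, so a quote in $fname or $trainerId
// rewrites the statement instead of being stored as data.
function registerTrainerUnsafe(PDO $db, string $trainerId, string $fname): void
{
    $sql = "INSERT INTO trainers (trainer_id, fname) VALUES ('$trainerId', '$fname')";
    $db->exec($sql); // shown for contrast only; never run with external input
}

// Hardened form: the SQL text is constant, values are bound as parameters,
// and Trainer_id is validated as a positive integer before any query runs.
function registerTrainerSafe(PDO $db, string $trainerId, string $fname): bool
{
    $id = filter_var($trainerId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $fname === '' || strlen($fname) > 64) {
        return false; // reject malformed input instead of trying to "clean" it
    }
    $stmt = $db->prepare('INSERT INTO trainers (trainer_id, fname) VALUES (:id, :fname)');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':fname', $fname, PDO::PARAM_STR);
    return $stmt->execute();
}

// Self-contained demo on an in-memory SQLite database (needs pdo_sqlite).
// Against MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so binding
// happens server-side rather than by client-side quoting.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE trainers (trainer_id INTEGER PRIMARY KEY, fname TEXT NOT NULL)');

// Constructed inputs: a legitimate name containing a quote, then a
// non-numeric Trainer_id of the kind a malformed request would carry.
$firstAccepted  = registerTrainerSafe($db, '7', "O'Brien");
$secondAccepted = registerTrainerSafe($db, '7 OR 1', 'x');

// The quote survives as plain data; the non-numeric id never reached the database.
$fname = $db->query('SELECT fname FROM trainers WHERE trainer_id = 7')->fetchColumn();
printf("first accepted=%s second accepted=%s stored fname=%s\n",
    var_export($firstAccepted, true), var_export($secondAccepted, true), $fname);
```

The same binding discipline applies to every other query in func.php that reads request parameters, not only the registration insert; the WAF and least-privilege steps reduce impact but do not replace it.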