CVE-2025-12609

Medium CVSS: 5.1

A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Vendor

Codeastro

Product

Gym Management System

CWE

CWE-74

Yayın Tarihi

2025-11-03 02:15:41

Güncelleme

2026-02-24 07:16:38

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Gym Management System MEDIUM Codeastro 2025

Referanslar

https://codeastro.com/ https://github.com/iamzzzzz/iam/issues/1 https://vuldb.com/?ctiid.330904 https://vuldb.com/?id.330904 https://vuldb.com/?submit.678402 https://vuldb.com/?submit.678403

Benzer Kayıtlar

Medium

CVE-2026-3137

A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of th…

Critical

CVE-2025-70150

CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that al…

High

CVE-2025-70148

Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allo…

Critical

CVE-2025-70149

CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parame…

Medium

CVE-2025-14899

A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the f…

Medium

CVE-2025-14900

A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown functi…