VYPR

Gym Management System

by Codeastro

CVEs (49)

  • CVE-2026-8132HigMay 8, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the…

  • CVE-2026-36387MedMay 7, 2026
    risk 0.42cvss 6.5epss 0.00

    A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE.

  • CVE-2026-11510MedJun 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2026-11509MedJun 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote.

  • CVE-2026-11508MedJun 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried…

  • CVE-2026-11507MedJun 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made…

  • CVE-2026-11506MedJun 8, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit…

  • CVE-2026-9542MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit…

  • CVE-2025-13172MedNov 14, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has…

  • CVE-2025-12261MedOct 27, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has…

  • CVE-2025-12242MedOct 27, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely.…

  • CVE-2025-11593MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published…

  • CVE-2025-11592MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be…

  • CVE-2025-11591MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely.…

  • CVE-2025-11590MedOct 11, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of the argument ename can lead to sql injection. It is possible to launch the attack…

  • CVE-2025-11589MedOct 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-11588MedOct 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available…

  • CVE-2025-12610MedNov 3, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been…

  • CVE-2025-12609MedNov 3, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely.…

  • CVE-2024-25869Feb 28, 2024
    risk 0.04cvss epss 0.19

    An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.

Page 1 of 3