Gym Management System
by Codeastro
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8132 | Hig | 0.47 | 7.3 | 0.00 | May 8, 2026 | A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the… | ||
| CVE-2026-36387 | Med | 0.42 | 6.5 | 0.00 | May 7, 2026 | A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE. | ||
| CVE-2026-11510 | Med | 0.41 | 6.3 | 0.00 | Jun 8, 2026 | A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The… | ||
| CVE-2026-11509 | Med | 0.41 | 6.3 | 0.00 | Jun 8, 2026 | A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. | ||
| CVE-2026-11508 | Med | 0.41 | 6.3 | 0.00 | Jun 8, 2026 | A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried… | ||
| CVE-2026-11507 | Med | 0.41 | 6.3 | 0.00 | Jun 8, 2026 | A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made… | ||
| CVE-2026-11506 | Med | 0.41 | 6.3 | 0.00 | Jun 8, 2026 | A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit… | ||
| CVE-2026-9542 | Med | 0.41 | 6.3 | 0.00 | May 26, 2026 | A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit… | ||
| CVE-2025-13172 | Med | 0.41 | 6.3 | 0.00 | Nov 14, 2025 | A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has… | ||
| CVE-2025-12261 | Med | 0.41 | 6.3 | 0.00 | Oct 27, 2025 | A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has… | ||
| CVE-2025-12242 | Med | 0.41 | 6.3 | 0.00 | Oct 27, 2025 | A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely.… | ||
| CVE-2025-11593 | Med | 0.41 | 6.3 | 0.00 | Oct 11, 2025 | A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published… | ||
| CVE-2025-11592 | Med | 0.41 | 6.3 | 0.00 | Oct 11, 2025 | A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be… | ||
| CVE-2025-11591 | Med | 0.41 | 6.3 | 0.00 | Oct 11, 2025 | A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely.… | ||
| CVE-2025-11590 | Med | 0.41 | 6.3 | 0.00 | Oct 11, 2025 | A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of the argument ename can lead to sql injection. It is possible to launch the attack… | ||
| CVE-2025-11589 | Med | 0.41 | 6.3 | 0.00 | Oct 10, 2025 | A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit… | ||
| CVE-2025-11588 | Med | 0.41 | 6.3 | 0.00 | Oct 10, 2025 | A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available… | ||
| CVE-2025-12610 | Med | 0.31 | 4.7 | 0.00 | Nov 3, 2025 | A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been… | ||
| CVE-2025-12609 | Med | 0.31 | 4.7 | 0.00 | Nov 3, 2025 | A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely.… | ||
| CVE-2024-25869 | 0.04 | — | 0.19 | Feb 28, 2024 | An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component. |
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the…
- risk 0.42cvss 6.5epss 0.00
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files which leads RCE.
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote.
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit…
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has…
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely.…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely.…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of the argument ename can lead to sql injection. It is possible to launch the attack…
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely.…
- CVE-2024-25869Feb 28, 2024risk 0.04cvss —epss 0.19
An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.
Page 1 of 3