CVE-2025-1959

Опубликовано: 04 мар. 2025

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /change_s_pwd.php. The manipulation of the argument login_id/login_key leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/CContinueee/CVE/blob/main/CVE_1.md
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.298560
Permissions Required
VDB Entry
https://vuldb.com/?id.298560
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.510782
Third Party Advisory
VDB Entry
https://github.com/CContinueee/CVE/blob/main/CVE_1.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codezips:gym_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00133

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-h5x8-77p3-qchh

CVSS3: 7.3

github

11 месяцев назад

A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /change_s_pwd.php. The manipulation of the argument login_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

EPSS

Процентиль: 34%

0.00133

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74