GCVE - cpe:2.3:a:codezips:gym_management_system:1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:codezips:gym_management_system:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Codezips (`d6987edb-dda5-55fa-ba47-db9343ba86ca`)
Product	Gym Management System (`eff23ff2-663d-5bac-858a-484f4611de30`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/codezips/gym-management-system-php`	purl2cpe	2026-06-01 10:17:56.095604

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2847`	vulnerable	2026-06-03 15:00:26.654726	Codezips Gym Management System over_month.php sql injection MEDIUM (6.3) A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-27T13:00:19.885Z Updated: 2025-03-27T13:20:01.951Z Open on db.gcve.eu Reference links https://vuldb.com/?id.301493 https://vuldb.com/?ctiid.301493 https://vuldb.com/?submit.522330 https://www.yuque.com/baimatangseng-iyusa/qwwm81/zbefafzyl0of6g56?singleDoc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-29208`	vulnerable	2026-06-03 15:00:14.239757	Details available CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. Published: 2025-04-01T00:00:00.000Z Updated: 2025-04-14T17:29:40.090Z Open on db.gcve.eu Reference links https://github.com/LLz-7/CVE/blob/main/CVE_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1959`	vulnerable	2026-06-03 14:59:06.870519	Codezips Gym Management System change_s_pwd.php sql injection HIGH (7.3) A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /change_s_pwd.php. The manipulation of the argument login_id/login_key leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-04T22:31:04.431Z Updated: 2025-04-02T20:49:26.630Z Open on db.gcve.eu Reference links https://vuldb.com/?id.298560 https://vuldb.com/?ctiid.298560 https://vuldb.com/?submit.510782 https://github.com/CContinueee/CVE/blob/main/CVE_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1856`	vulnerable	2026-06-03 14:59:06.681782	Codezips Gym Management System gen_invoice.php sql injection HIGH (7.3) A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-03T07:31:06.276Z Updated: 2025-03-03T14:26:02.394Z Open on db.gcve.eu Reference links https://vuldb.com/?id.298124 https://vuldb.com/?ctiid.298124 https://vuldb.com/?submit.506107 https://github.com/smartttt1/CVE/blob/main/CVE_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1854`	vulnerable	2026-06-03 14:59:06.680652	Codezips Gym Management System del_member.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/del_member.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-03-03T06:31:04.518Z Updated: 2025-03-03T15:55:29.875Z Open on db.gcve.eu Reference links https://vuldb.com/?id.298122 https://vuldb.com/?ctiid.298122 https://vuldb.com/?submit.506053 https://github.com/yhj09/CVE/blob/main/CVE_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1380`	vulnerable	2026-06-03 14:59:05.306162	Codezips Gym Management System del_plan.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/del_plan.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-02-17T07:00:15.364Z Updated: 2025-02-18T19:32:08.675Z Open on db.gcve.eu Reference links https://vuldb.com/?id.295988 https://vuldb.com/?ctiid.295988 https://vuldb.com/?submit.501980 https://www.yuque.com/polaris-pisym/aevk1q/fdkeqw2a2ug9zohn	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1206`	vulnerable	2026-06-03 14:58:58.003323	Codezips Gym Management System viewdetailroutine.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-02-12T15:00:11.640Z Updated: 2025-02-12T15:15:05.152Z Open on db.gcve.eu Reference links https://vuldb.com/?id.295143 https://vuldb.com/?ctiid.295143 https://vuldb.com/?submit.496961 https://github.com/sekaino-sakura/CVE/blob/main/CVE_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1188`	vulnerable	2026-06-03 14:58:57.981698	Codezips Gym Management System updateroutine.php sql injection MEDIUM (6.3) A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-02-12T09:00:10.434Z Updated: 2025-02-18T17:38:13.914Z Open on db.gcve.eu Reference links https://vuldb.com/?id.295094 https://vuldb.com/?ctiid.295094 https://vuldb.com/?submit.496409 https://github.com/takakie/CVE/blob/main/cve_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1183`	vulnerable	2026-06-03 14:58:57.974213	CodeZips Gym Management System more-userprofile.php sql injection MEDIUM (6.3) A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-02-12T06:58:30.355Z Updated: 2025-02-18T17:42:17.794Z Open on db.gcve.eu Reference links https://vuldb.com/?id.295087 https://vuldb.com/?ctiid.295087 https://vuldb.com/?submit.495410 https://www.yuque.com/polaris-pisym/aevk1q/fyu4dy8fglbs6rzy	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0881`	vulnerable	2026-06-03 14:58:33.102936	Codezips Gym Management System saveroutine.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-01-30T20:31:11.269Z Updated: 2025-01-30T21:21:00.332Z Open on db.gcve.eu Reference links https://vuldb.com/?id.294126 https://vuldb.com/?ctiid.294126 https://vuldb.com/?submit.489192 https://github.com/wizdzz/CVE/issues/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0880`	vulnerable	2026-06-03 14:58:33.102552	Codezips Gym Management System updateplan.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Published: 2025-01-30T20:31:08.278Z Updated: 2025-01-30T21:21:39.243Z Open on db.gcve.eu Reference links https://vuldb.com/?id.294125 https://vuldb.com/?ctiid.294125 https://vuldb.com/?submit.488716 https://www.yuque.com/u21735104/brookes/za83ilxr9g2fkv8b	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0562`	vulnerable	2026-06-03 14:58:32.430438	Codezips Gym Management System health_status_entry.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipulation of the argument usrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Published: 2025-01-19T01:00:08.392Z Updated: 2025-01-21T20:31:08.238Z Open on db.gcve.eu Reference links https://vuldb.com/?id.292523 https://vuldb.com/?ctiid.292523 https://vuldb.com/?submit.484184 https://github.com/LiuSir5211314/-sir/issues/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0541`	vulnerable	2026-06-03 14:58:32.402648	Codezips Gym Management System edit_member.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Published: 2025-01-17T21:31:05.006Z Updated: 2025-01-17T21:43:06.350Z Open on db.gcve.eu Reference links https://vuldb.com/?id.292433 https://vuldb.com/?ctiid.292433 https://vuldb.com/?submit.480220 https://github.com/nbeisss/CVE/issues/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0535`	vulnerable	2026-06-03 14:58:32.391302	Codezips Gym Management System edit_mem_submit.php sql injection MEDIUM (6.3) A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-01-17T19:00:16.943Z Updated: 2025-01-21T16:42:16.581Z Open on db.gcve.eu Reference links https://vuldb.com/?id.292419 https://vuldb.com/?ctiid.292419 https://vuldb.com/?submit.479159 https://github.com/lan041221/cve/blob/main/SQL_Injection_in_Gym_Management_System.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0532`	vulnerable	2026-06-03 14:58:32.387179	Codezips Gym Management System new_submit.php sql injection MEDIUM (6.3) A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published: 2025-01-17T17:31:04.437Z Updated: 2025-01-21T15:54:09.836Z Open on db.gcve.eu Reference links https://vuldb.com/?id.292416 https://vuldb.com/?ctiid.292416 https://vuldb.com/?submit.479100 https://github.com/TIANN0/CVE/issues/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0231`	vulnerable	2026-06-03 14:58:24.047781	Codezips Gym Management System submit_payments.php sql injection MEDIUM (6.3) A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/submit_payments.php. The manipulation of the argument m_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-01-05T21:31:05.496Z Updated: 2025-01-06T14:53:58.595Z Open on db.gcve.eu Reference links https://vuldb.com/?id.290227 https://vuldb.com/?ctiid.290227 https://vuldb.com/?submit.474596 https://github.com/gh464646/CVE/issues/1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.