Security Advisory
CVE-2025-67147
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Multiple SQL injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0: (1) the name, email, and comment parameters in submit_contact.php; (2) the username and pass_key parameters in secure_login.php; and (3) the login_id, pwfield, and login_key parameters in change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.
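A triage sketch for defenders, added here and not part of the advisory or the project's code: it checks request records for SQL-like values in exactly the scripts and parameters listed above. The five-field record format (timestamp, client, method, path, URL-encoded body), the heuristic patterns and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Affected scripts and parameters, as listed in the advisory.
AFFECTED = {
    "submit_contact.php": {"name", "email", "comment"},
    "secure_login.php": {"username", "pass_key"},
    "change_s_pwd.php": {"login_id", "pwfield", "login_key"},
}

# Heuristic patterns (an assumption, not from the advisory). A lone apostrophe,
# as in a surname, is deliberately not flagged.
SUSPICIOUS = re.compile(
    r"""['"]\s*(?:or|and)\s+['"\d(]          # quote, then a boolean clause
      | ['"]\s*(?:--|\#|/\*)                 # quote, then a comment marker
      | \bunion\s+(?:all\s+)?select\b        # UNION SELECT
      | ;\s*(?:drop|update|delete|insert)\b  # stacked statement
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Constructed sample records in the assumed format.
SAMPLE = [
    "2025-01-01T10:00:01Z 198.51.100.20 POST /submit_contact.php name=Pat+O%27Brien&email=pat%40example.org&comment=Do+you+offer+day+passes%3F",
    "2025-01-01T10:00:05Z 203.0.113.7 POST /secure_login.php username=x%27+OR+%271%27%3D%271&pass_key=x",
    "2025-01-01T10:00:09Z 203.0.113.7 POST /gym/change_s_pwd.php login_id=7&pwfield=a&login_key=b%27+--+",
    "2025-01-01T10:00:12Z 198.51.100.20 POST /index.php q=x%27+OR+%271%27%3D%271",
]

def triage(lines):
    """Return (client, script, parameter) for affected parameters with SQL-like values."""
    hits = []
    for line in lines:
        try:
            _ts, client, _method, path, body = line.split(" ", 4)
        except ValueError:
            continue  # not in the assumed five-field format
        url = urlsplit(path)
        script = url.path.rsplit("/", 1)[-1]
        params = AFFECTED.get(script)
        if params is None:
            continue  # script is not named in the advisory
        # parse_qsl percent-decodes, so encoded quotes are inspected in clear.
        for key, value in parse_qsl(url.query) + parse_qsl(body):
            if key in params and SUSPICIOUS.search(value):
                hits.append((client, script, key))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Hits are leads for review rather than proof of exploitation; the underlying remedy for this class of bug is to pass these parameters to the database through parameterized queries.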