CVE-2025-0881: Codezips Gym Management System saveroutine.php sql injection
First published: Thu Jan 30 2025(Updated: )
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gym Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0881?
CVE-2025-0881 is classified as a critical vulnerability.
What type of vulnerability is CVE-2025-0881?
CVE-2025-0881 is an SQL injection vulnerability affecting the Codezips Gym Management System.
Which function is affected by CVE-2025-0881?
The vulnerability affects an unknown function in the file /dashboard/admin/saveroutine.php.
How do I fix CVE-2025-0881?
To fix CVE-2025-0881, you should sanitize and validate user inputs to prevent SQL injection attacks.
Is remote exploitation possible with CVE-2025-0881?
Yes, CVE-2025-0881 can be exploited remotely due to its SQL injection nature.
- collector/nvd-api
- source/NVD
- agent/first-publish-date
- agent/type
- agent/title
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/author
- agent/weakness
- agent/source
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/codezips
- canonical/gym management system