CVE-2025-4463: itsourcecode Gym Management System ajax.php sql injection
First published: Fri May 09 2025(Updated: )
A vulnerability, which was classified as critical, was found in itsourcecode Gym Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_package. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| itsourcecode Gym Management System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4463?
CVE-2025-4463 is classified as a critical vulnerability.
How does CVE-2025-4463 affect the Gym Management System?
CVE-2025-4463 allows for SQL injection through the manipulation of the argument ID in the /ajax.php?action=save_package function.
How do I fix CVE-2025-4463?
To fix CVE-2025-4463, ensure proper input validation and parameterized queries to prevent SQL injection.
Is CVE-2025-4463 exploitable remotely?
Yes, CVE-2025-4463 can be exploited remotely.
What software versions are affected by CVE-2025-4463?
CVE-2025-4463 affects the itsourcecode Gym Management System 1.0.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/type
- agent/references
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/itsourcecode
- canonical/itsourcecode gym management system