← back
CVE-2026-5206

code-projects Simple Gym Management System Payment sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74CWE-89
A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Payment_id/Amount/customer_id/payment_type/customer_name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
code-projects · Simple Gym Management System
public PoCs found1
cve_referencegithub.com/maidangdang1/CVE/issues/5unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://code-projects.org/https://github.com/maidangdang1/CVE/issues/5https://vuldb.com/submit/780406https://vuldb.com/vuln/354336https://vuldb.com/vuln/354336/cti