According to the details, this critical vulnerability is caused by a SQL injection. It can be exploited remotely. An attacker can inject malicious code into the source code and send it to the victim. The details of the vulnerability have been published in the public domain. Security researchers always try to disclose vulnerabilities to vendors before hackers do, so it is possible to patch a vulnerability before hackers exploit it. However, it is always recommended to keep your systems updated with the latest software versions. Vulnerable versions of SourceCodester Gym Management System (Windows, Linux and Mac OS) have been released, so you need to patch your systems as soon as possible.

Vulnerability Details

SourceCodester Gym Management System (Windows, Linux and Mac OS) is vulnerable to a SQL injection. An attacker can exploit this vulnerability to inject malicious code into the source code and send it to the victim. This can be done remotely via HTTP or FTP.

SourceCodester Gym Management System (Windows, Linux and Mac OS) is vulnerable to a SQL injection that can be exploited remotely via HTTP or FTP by injecting malicious code into the source code and sending it over the network. This leads to the remote execution of an operation on the database server, which could cause a complete takeover of the system if it is not patched quickly enough.

What is Gym Management System?

A Gym Management System (GMS) is online software that supports the management of a gym or fitness center. Users can create members, assign equipment and schedules, manage personal data and more.

How to Check the SourceCodester Gym Management System Version?

To check your version, open your SourceCodester Gym Management System, click on the Help menu and select About. If you see a version number of 2.8, then you are running an older version and should update it as soon as possible.

While some vulnerabilities cannot be patched, this vulnerability is easy to fix. The victims will not suffer any consequences because no one could exploit it without the right tools and knowledge.

Timeline

Published on: 08/22/2022 19:15:00 UTC
Last modified on: 08/24/2022 13:00:00 UTC
