Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-29288. PoCs published by Jyotsna Adhana.
AI-analyzed exploit summary
This exploit demonstrates a SQL injection vulnerability in Gym Management System 1.0 via the 'id' parameter in manage_user.php. The PoC uses a UNION-based attack to extract database name and MariaDB version.
Description
An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
Exploits (1)
exploitdb
WORKING POC
by Jyotsna Adhana · text · webapps · php
https://www.exploit-db.com/exploits/48936
Classification
Working Poc 90%
Attack Type
SQLi
Complexity
Trivial
Reliability
Reliable
Target:
Gym Management System 1.0
No auth needed
Prerequisites:
Access to the vulnerable endpoint · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Third Party Advisory x_refsource_misc
https://www.sourcecodester.com/php/14541/gym-management-system-using-phpmysqli-source-code.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48936
Third Party Advisory x_refsource_misc
https://github.com/BigTiger2020/Gym-Management-System/blob/main/README.md
Scores
CVSS v3
9.8
EPSS
0.0256
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
admerc/gym_management_system
1.0
Published
Dec 02, 2020
Tracked Since
Feb 18, 2026