CVE-2022-2700

MEDIUM

Gym Management System - SQL Injection via Day Parameter

Title source: llm
STIX 2.1

Description

A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the component GET Parameter Handler. The manipulation of the argument day leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205821 was assigned to this vulnerability.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.205821

Scores

CVSS v3 4.7
EPSS 0.0061
EPSS Percentile 44.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
gym_management_system_project/gym_management_system
Published Aug 08, 2022
Tracked Since Feb 18, 2026