CVE-2023-37068

CRITICAL

Gym Management System V1.0 - SQL Injection via Login Form

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-37068. PoCs published by riteshs4hu.

AI-analyzed exploit summary The repository provides detailed steps to reproduce SQL injection and XSS vulnerabilities in multiple Code-Projects applications, including payloads and specific endpoints. However, it lacks actual exploit code, focusing instead on manual reproduction steps.

Description

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.

Exploits (1)

nomisec WRITEUP

by riteshs4hu · poc

https://github.com/riteshs4hu/My-CVE

View Code ZIP pw:eip

The repository provides detailed steps to reproduce SQL injection and XSS vulnerabilities in multiple Code-Projects applications, including payloads and specific endpoints. However, it lacks actual exploit code, focusing instead on manual reproduction steps.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Code-Projects Gym Management System V1.0, Online Hospital Management System V1.0, Hospital Information System 1.0

No auth needed

Prerequisites: Access to the login page of the vulnerable application · Burp Suite or similar tool for request interception

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/Mr-Secure-Code/My-CVE/blob/main/CVE-2023-37068-Exploit.md

View Exploit ZIP pw:eip

Various Sources

https://github.com/riteshs4hu/My-CVE/blob/main/CVE-2023-37068-Exploit.md

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0088

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

sherlock/gym_management_system 1.0

Published Aug 09, 2023

Tracked Since Feb 18, 2026