CVE-2023-37068
Severity: CRITICAL
Sherlock Gym Management System - SQL Injection
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.
Exploits (1)
Scores
CVSS v3: 9.8
EPSS: 0.0027
EPSS Percentile: 50.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-89
Status: published
Products (1): sherlock/gym_management_system 1.0
Published: Aug 09, 2023
Tracked Since: Feb 18, 2026