CVE-2024-55271

LOW

phpgurukul Gym Management System 1.0 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-55271. PoCs published by shoaibalam112.

AI-analyzed exploit summary The repository contains a functional CSRF PoC for CVE-2024-55271, targeting the Gym Management System's profile update functionality. The exploit demonstrates unauthorized modifications to user information via a crafted HTML form.

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.

Exploits (1)

nomisec WORKING POC

by shoaibalam112 · poc

https://github.com/shoaibalam112/CVE-2024-55271

View Code ZIP pw:eip

The repository contains a functional CSRF PoC for CVE-2024-55271, targeting the Gym Management System's profile update functionality. The exploit demonstrates unauthorized modifications to user information via a crafted HTML form.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Gym Management System (version not specified)

No auth needed

Prerequisites: Victim must be authenticated and visit the malicious page

MITRE ATT&CK

T1539 - Steal Web Session Cookie

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources

https://github.com/shoaibalam112/CVE-2024-55271/blob/main/README.md

View Writeup ZIP pw:eip

Various Sources

https://github.com/shoaibalam112/Gym_Management_system

Scores

CVSS v3 3.5

EPSS 0.0013

EPSS Percentile 2.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

phpgurukul/gym_management_system 1.0

Published Feb 17, 2026

Tracked Since Feb 18, 2026