CVE-2024-55271

LOW

phpgurukul Gym Management System 1.0 - CSRF

Title source: llm

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specifically the /profile.php endpoint.

Exploits (1)

nomisec WORKING POC

by shoaibalam112 · poc

https://github.com/shoaibalam112/CVE-2024-55271

View Code ZIP pw:eip

References (2)

[Various Sources] https://github.com/shoaibalam112/CVE-2024-55271/blob/main/README.md

[Various Sources] https://github.com/shoaibalam112/Gym_Management_system

Scores

CVSS v3 3.5

EPSS 0.0001

EPSS Percentile 2.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-352

Status published

Affected Products (1)

phpgurukul/gym_management_system

Timeline

Published Feb 17, 2026

Tracked Since Feb 18, 2026